Microsoft IIS /iisadmpwd/aexp2.htr Password Policy Bypass
Critical Nessus Plugin ID 10371
SynopsisThe remote web server is affected by a password policy bypass vulnerability.
DescriptionMicrosoft IIS installs the 'aexp2.htr', 'aexp2b.htr', 'aexp3.htr', or 'aexp4.htr' files in the '/iisadmpwd' directory by default. These fiels can be used by an attacker to brute-force a valid username/password. A valid user may also use it to change his password on a locked account, bypassing password policy.
SolutionRemote the HTR ISAPI filter mapping from IIS and use Microsoft Active Directory Service Interfaces for handling accounts remotely.