MS KB821724: ISA Server 2000 May Send Basic Credentials Over an External HTTP Connection
Medium Nessus Plugin ID 18491
SynopsisThe remote service is vulnerable to information disclosure.
DescriptionThe remote ISA server is configured in such a way that it may send Basic authentication credentials over an insecure connection.
SolutionUpgrade to the latest version of ISA or apply the patch referenced in KB821724.