Microsoft IIS webhits.dll Hit-Highlighting Authentication Bypass
Medium Nessus Plugin ID 31648
SynopsisThe remote web server contains a module which may allow an attacker to bypass authentication.
DescriptionThe remote IIS web server contains a vulnerability in the Server Hit Hilight Module which may allow an attacker to view the contents of a page otherwise requiring authentication.
An attacker may exploit this flaw to bypass authentication on certain pages.