CVE-2002-0419

Name of the Vulnerable Software and Affected Versions IIS versions 4 through 5.1

Description The issue allows remote attackers to obtain potentially sensitive information, making it easier to conduct brute force attacks. This is achieved through server responses that reveal certain details. In specific configurations, the server IP address is provided as the realm for Basic authentication, potentially exposing real IP addresses hidden by NAT. Additionally, when NTLM authentication is used, the server's NetBIOS name and its Windows NT domain are revealed in response to an Authorization request.

Recommendations For IIS versions 4 through 5.1, consider configuring the server to not reveal the IP address as the realm for Basic authentication and restrict the disclosure of the NetBIOS name and Windows NT domain in NTLM authentication responses. As a temporary workaround, restrict access to the NTLM authentication mechanism until a more secure configuration can be implemented.