Bypassing ISA 2006 HTTPS redirection rule with HTTP vulnerability publishing SharePoint and OWA - Fix

It was recently pointed out to me that when a user attempts to log on to a SharePoint extranet web site published through ISA, they can replace HTTPS in the header with HTTP, and user credentials could potentially be sent over the web unencrypted.

For example, a user connects to the site by entering http://sharepoint.extranet.com and is redirected to https://sharepoint.extranet.com/cookieauth.dll?<parameters>. The user then manually modifies the URL back to HTTP, e.g. http://sharepoint.extranet.com/cookieauth.dll?<parameters>.

This is obviously a security vulnerability, and Microsoft have published a KB article (958607) describing how to resolve it.

If you have Exchange or SharePoint published via ISA 2006, I would strongly suggest applying either the ISA hotfix or the workaround to resolve this.
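
To check whether the logon form has been reached over plain HTTP, here is a log scan added as an example (it is not part of the original post or of the KB article). It reads a W3C-format web proxy log and reports requests to cookieauth.dll made over HTTP that were served or posted rather than redirected. The log lines, the field set and the function names are constructed for illustration; match the fields to what your ISA logging actually records.

```python
from urllib.parse import urlsplit

# Constructed sample log. The field set is an assumption; the parser uses
# whatever names the #Fields line declares.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri sc-status
2009-01-12 09:14:02 203.0.113.10 GET http://sharepoint.extranet.com/ 302
2009-01-12 09:14:03 203.0.113.10 GET https://sharepoint.extranet.com/cookieauth.dll?p=constructed 200
2009-01-12 09:14:20 203.0.113.10 POST https://sharepoint.extranet.com/cookieauth.dll?p=constructed 302
2009-01-12 10:02:11 198.51.100.7 GET http://sharepoint.extranet.com/cookieauth.dll?p=constructed 200
2009-01-12 10:02:30 198.51.100.7 POST http://sharepoint.extranet.com/cookieauth.dll?p=constructed 302
2009-01-12 11:45:09 192.0.2.44 GET http://sharepoint.extranet.com/cookieauth.dll?p=constructed 302
"""

def parse_w3c(text):
    """Yield one dict per log entry, keyed by the names on the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def cleartext_logon_hits(text, form_path="/cookieauth.dll"):
    """Return (client, method, status, reason) for logon-form requests over plain HTTP."""
    hits = []
    for row in parse_w3c(text):
        url = urlsplit(row["cs-uri"])
        if url.scheme.lower() != "http" or url.path.lower() != form_path:
            continue
        method = row["cs-method"].upper()
        status = int(row["sc-status"]) if row["sc-status"].isdigit() else 0
        if method == "POST":
            # The form body already crossed the wire unencrypted, whatever the reply.
            reason = "form posted over HTTP"
        elif status == 200:
            reason = "logon form served over HTTP"
        else:
            continue  # redirected or refused: the listener did not serve the form
        hits.append((row["c-ip"], method, status, reason))
    return hits

if __name__ == "__main__":
    for hit in cleartext_logon_hits(SAMPLE_LOG):
        print(*hit)
```

Any hit after the hotfix or workaround is in place means the HTTP listener is still answering for the logon form and the rule should be rechecked.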
