Code: p117 Severity: Notice
Description: This event is generated when an attempt is made to request an HTTP-based password change. Impact: I Information gathering/remote access. Error messages from failed password changes can indicate whether a given account exists on the server. Successful password changes can allow remote access to the server. Corrective: Remove the IISADMPWD virtual directory to disable remote password changes. Consider running the IIS Lockdown Tool to disable HTR functionality.
|
