Virtual machine credential information is transmitted to IIS without encryption in Virtual Server 2005 (840603)
The information in this article applies to:
- Microsoft Virtual Server 2005
SYMPTOMSWhen you configure the credentials to run a virtual machine in Microsoft Virtual Server 2005, those credentials are submitted to Microsoft Internet Information Services (IIS) without encryption (in plain text). If you perform this action by using a remote connection to the Virtual Server computer, a malicious user could obtain these credentials. CAUSEThis issue occurs because the Virtual Server Web application transfers the user name and password information to the IIS Server computer in clear text. WORKAROUNDTo work around this issue, Microsoft recommends that you configure the Virtual Server Web site in IIS to use Secure Sockets Layer (SSL) for communications.
Modification Type: | Minor | Last Reviewed: | 11/16/2004 |
---|
Keywords: | kbenv kbprb KB840603 kbAudITPRO |
---|
|