(posted by on 2014-10-28 12:40:44)
PCI Scan Failure Microsoft Exchange Client Access Server Information ...

Description: Microsoft Exchange Client Access Server Information Disclosure

Synopsis: The remote mail server is affected by an information disclosure vulnerability.

Impact: The Microsoft Exchange Client Access Server (CAS) is affected by an information disclosure vulnerability. A remote, unauthenticated attacker can exploit this vulnerability to learn the server's internal IP address.

See also:

http://foofus.net/?p=758

Data Received: SecurityMetrics was able to verify the issue with the following request:

    GET /autodiscover/autodiscover.xml HTTP/1.0
    Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
    Accept-Language: en
    Connection: Keep-Alive
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
    Pragma: no-cache
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*

Which returned the following IP address:

BID: 69018

Resolution: There is no known fix at this time.

Risk Factor: Medium / CVSS2 Base Score: 5.0


Solution:

    To resolve the issue in this example, do the following:



    1. Open the IIS 7 console, expand Sites, Default Web Sites and click on Autodiscover.

    2. Double-click Authentication.

    3. Right-click Basic Authentication and select Edit...

    4. In the Realm field, type the server's public hostname in the format hostname.domain.tld and then click OK.

    5. If applicable (e.g.: on Windows SBS 2008), repeat the above process for the Microsoft-Server-ActiveSync and EWS websites in addition to Autodiscover.

    6. Stop IIS and restart it.
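    The same change can be applied from PowerShell rather than clicking through the IIS console. The following script is an added example and is not part of the original write-up; it assumes IIS 7 or later with the WebAdministration module, an elevated session on the CAS, and the default site name "Default Web Site". The hostname hostname.domain.tld is a placeholder for the server's public FQDN, and the list of virtual directories is taken from steps 1 and 5 above.

```powershell
# Added example, not from the original write-up: applies steps 1-6 above from
# PowerShell instead of the IIS console. Assumes IIS 7 or later with the
# WebAdministration module, an elevated session on the CAS, and the default
# site name "Default Web Site"; hostname.domain.tld is a placeholder.
Import-Module WebAdministration

$publicHost = 'hostname.domain.tld'      # the CAS's public FQDN (placeholder)
$siteName   = 'Default Web Site'
# Autodiscover is the directory the scan hit; ActiveSync and EWS are the
# two the write-up says to treat the same way where they exist (step 5).
$vdirs      = @('Autodiscover', 'Microsoft-Server-ActiveSync', 'EWS')
$filter     = 'system.webServer/security/authentication/basicAuthentication'

foreach ($vdir in $vdirs) {
    if (-not (Test-Path "IIS:\Sites\$siteName\$vdir")) {
        Write-Warning "Virtual directory '$siteName/$vdir' not found; skipping."
        continue
    }
    # Write the realm as a <location> entry in applicationHost.config, which is
    # what the IIS console does; the basicAuthentication section is normally
    # locked against being set from the directory's own web.config.
    Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
        -Location "$siteName/$vdir" -Filter $filter -Name 'realm' -Value $publicHost
    Write-Host "Set Basic Authentication realm on '$siteName/$vdir' to '$publicHost'."
}

# Step 6: restart IIS so the new realm is served in the 401 challenge.
iisreset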


    Performing the same test in this example should now yield the following response:

    HTTP/1.1 401 Unauthorized
    Content-Type: text/html
    Server: Microsoft-IIS/7.0
    WWW-Authenticate: Negotiate
    WWW-Authenticate: NTLM
    WWW-Authenticate: Basic realm="hostname.domain.tld"
    X-Powered-By: ASP.NET
    Date: Fri, 05 Sep 2014 16:30:41 GMT
    Connection: close
    Content-Length: 58


     


    You can test for the issue with openssl on Linux by opening a TLS connection to the server with the following command and then typing the GET request shown above; the realm in the WWW-Authenticate: Basic header of the reply is what the scanner reports:
    $ openssl s_client -host hostname.domain.tld -port 443
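    The same check can be scripted from a Windows host so that it can be re-run after the fix and after patching. The following PowerShell is an added example, not part of the original write-up: it sends the scanner's GET for /autodiscover/autodiscover.xml, pulls the realm out of the WWW-Authenticate: Basic challenge, and flags a realm that is an RFC 1918 address. It assumes Windows PowerShell 5.1 or later and network access to the CAS; hostname.domain.tld is a placeholder, and the function names are this example's own.

```powershell
# Added example, not from the original write-up: sends the scanner's request to
# the CAS and reports what the 401 challenge's Basic realm reveals. Assumes
# Windows PowerShell 5.1 or later and network access to the server; the
# hostname is a placeholder and the function names are this example's own.
function Test-PrivateIPv4 {
    # True when the text is an RFC 1918 IPv4 address (10/8, 172.16/12, 192.168/16).
    param([string]$Text)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Text, [ref]$ip)) { return $false }
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    $b = $ip.GetAddressBytes()
    return (($b[0] -eq 10) -or
            ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
            ($b[0] -eq 192 -and $b[1] -eq 168))
}

function Get-CasBasicRealm {
    # Requests /autodiscover/autodiscover.xml and returns the realm from the
    # WWW-Authenticate: Basic header, or $null if no Basic challenge came back.
    param(
        [Parameter(Mandatory)][string]$HostName,
        [string]$Path = '/autodiscover/autodiscover.xml'
    )
    $request = [System.Net.HttpWebRequest]::Create("https://$HostName$Path")
    $request.Method = 'GET'
    $request.AllowAutoRedirect = $false
    try {
        $response = $request.GetResponse()
    } catch [System.Net.WebException] {
        # The expected 401 surfaces as a WebException that still carries the response;
        # a TLS or connection failure has no response and is rethrown.
        $response = $_.Exception.Response
        if ($null -eq $response) { throw }
    }
    $challenges = $response.Headers.GetValues('WWW-Authenticate')
    $response.Close()
    foreach ($challenge in $challenges) {
        if ($challenge -match '(?i)^Basic\s+realm="?([^"]*)"?') { return $Matches[1] }
    }
    return $null
}

$realm = Get-CasBasicRealm -HostName 'hostname.domain.tld'
if ($null -eq $realm) {
    Write-Host 'No Basic challenge returned; there is no realm to disclose.'
} elseif (Test-PrivateIPv4 $realm) {
    Write-Warning "Realm '$realm' is an internal IP address: the finding still applies."
} else {
    Write-Host "Realm is '$realm'; the challenge no longer exposes an internal address."
}
```

    After the realm change and the IIS restart, the script should print the public hostname; if it still warns, the realm was set on a different virtual directory than the one the scanner requests, or IIS has not been restarted.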