Microsoft KB Archive/840603

= Virtual machine credential information is transmitted to IIS without encryption in Virtual Server 2005 =

Article ID: 840603

Article Last Modified on 11/2/2007

-

APPLIES TO


 * Microsoft Virtual Server 2005 Standard Edition

-





SYMPTOMS
When you configure the credentials to run a virtual machine in Microsoft Virtual Server 2005, those credentials are submitted to Microsoft Internet Information Services (IIS) without encryption (in plain text). If you perform this action by using a remote connection to the Virtual Server computer, a malicious user could obtain these credentials.



CAUSE
This issue occurs because the Virtual Server Web application transfers the user name and password information to the IIS Server computer in clear text.



WORKAROUND
To work around this issue, Microsoft recommends that you configure the Virtual Server Web site in IIS to use Secure Sockets Layer (SSL) for communications.



MORE INFORMATION
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

290625 How to configure SSL in a Windows 2000 IIS 5.0 test environment by using Certificate Server 2.0

For additional information about how to deploy IIS 6.0, download the Windows Server 2003 Deployment Kit: Deploying Internet Information Services (IIS) 6.0. To obtain this guide, visit the following Microsoft Web site:

http://technet2.microsoft.com/WindowsServer/en/Library/2a8f5f93-a14a-47a2-b1f8-f94e09ab10a01033.mspx?mfr=true

Keywords: kbenv kbprb KB840603

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.