Microsoft KB Archive/840603



Virtual machine credential information is transmitted to IIS without encryption in Virtual Server 2005

Article ID: 840603

Article Last Modified on 11/2/2007



APPLIES TO

  • Microsoft Virtual Server 2005 Standard Edition




SYMPTOMS

When you configure the credentials to run a virtual machine in Microsoft Virtual Server 2005, those credentials are submitted to Microsoft Internet Information Services (IIS) without encryption (in plain text). If you perform this action by using a remote connection to the Virtual Server computer, a malicious user could obtain these credentials.

CAUSE

This issue occurs because the Virtual Server Web application transfers the user name and password information to the IIS Server computer in clear text.

WORKAROUND

To work around this issue, Microsoft recommends that you configure the Virtual Server Web site in IIS to use Secure Sockets Layer (SSL) for communications.
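An added example, not part of the original article and not Microsoft's code: a Python check that can be run over requests recorded at a point that sees the request body (for example a reverse proxy in front of the Virtual Server Web site), reporting password-bearing fields that arrived without SSL. The host name, request path, form field names and the `tls` flag are assumptions, and the sample request is constructed.

```python
import re
from urllib.parse import parse_qsl

# Field names that usually carry secrets. The article does not give the real
# Virtual Server form field names, so this pattern is an assumption.
SECRET_FIELD = re.compile(r"pass(word|wd)?|pwd|secret", re.I)

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, target, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body

def cleartext_secret_fields(raw: bytes, tls: bool):
    """Return the names of non-empty secret fields sent without SSL/TLS."""
    if tls:
        return []  # the request was protected on the wire
    method, target, headers, body = parse_request(raw)
    fields = []
    if "?" in target:  # secrets in the query string are exposed as well
        fields += parse_qsl(target.split("?", 1)[1], keep_blank_values=True)
    ctype = headers.get("content-type", "").lower()
    if method == "POST" and ctype.startswith("application/x-www-form-urlencoded"):
        fields += parse_qsl(body.decode("iso-8859-1"), keep_blank_values=True)
    # Report field names only, so the audit output never repeats the secret.
    return sorted({k for k, v in fields if v and SECRET_FIELD.search(k)})

# Constructed sample: hypothetical path, host and field names.
SAMPLE = (
    b"POST /example/vm-config HTTP/1.1\r\n"
    b"Host: vs-host.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 69\r\n"
    b"\r\n"
    b"vm=test01&run_as_user=CONTOSO%5Csvc_vm&run_as_password=Constructed-Pw-1"
)

if __name__ == "__main__":
    for tls in (False, True):
        print("tls" if tls else "plain http", cleartext_secret_fields(SAMPLE, tls))
```

An empty result for every request to the site is the expected state once the workaround is in place and plain HTTP is no longer accepted.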

MORE INFORMATION

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

290625 How to configure SSL in a Windows 2000 IIS 5.0 test environment by using Certificate Server 2.0


For additional information about how to deploy IIS 6.0, download the Windows Server 2003 Deployment Kit: Deploying Internet Information Services (IIS) 6.0. To obtain this guide, visit the following Microsoft Web site:

Keywords: kbenv kbprb KB840603