Article ID: 840603
Article Last Modified on 11/2/2007
APPLIES TO
- Microsoft Virtual Server 2005 Standard Edition
SYMPTOMS
When you configure the credentials to run a virtual machine in Microsoft Virtual Server 2005, those credentials are submitted to Microsoft Internet Information Services (IIS) without encryption (in plain text). If you perform this action by using a remote connection to the Virtual Server computer, a malicious user could obtain these credentials.
CAUSE
This issue occurs because the Virtual Server Web application transfers the user name and password information to the IIS Server computer in clear text.
WORKAROUND
To work around this issue, Microsoft recommends that you configure the Virtual Server Web site in IIS to use Secure Sockets Layer (SSL) for communications.
MORE INFORMATION
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
290625 How to configure SSL in a Windows 2000 IIS 5.0 test environment by using Certificate Server 2.0
For additional information about how to deploy IIS 6.0, download the Windows Server 2003 Deployment Kit: Deploying Internet Information Services (IIS) 6.0. To obtain this guide, visit the following Microsoft Web site:
Keywords: kbenv kbprb KB840603