Default Virtual Directory in IIS 4.0 Allows Proxy for Password Attacks and User Identification

Default Virtual Directory in IIS 4.0 Allows Proxy for Password Attacks and User Identification

CVE-1999-0407 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.

Learn more about our Cis Benchmark Audit For Microsoft Iis.