Microsoft ISA Server HTTP Authentication Scheme Vulnerability

Microsoft ISA Server HTTP Authentication Scheme Vulnerability

Microsoft Internet Security and Acceleration (ISA) Server is affected by an HTTP authentication scheme vulnerability. This issue is due to a design error that allows users to authenticate using insecure schemes regardless of a configuration that requires SSL.

This issue would potentially lead an unsuspecting user to attempt to authenticate to a web application over insecure channels; attackers may be able to read plaintext authentication credentials even when the affected server is configured to require SSL transactions.