IIS Server Security - Login security issue.

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > March 2005 > Login security issue.





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Login security issue.
Michael

2005-03-21, 6:02 pm

I've setup an ASP page to allow users to change their password from a
website in ADS. The script I have is working, I can change the password,
then login with a workstation with the new password and the old password
won't work.

However, if I connect to a website requiring basic authentication, both
passwords work. I've tried closing all browsers to make sure its not
locally cached, plus I've even logged in from a workstation that had no
browsers open and had not previously been authenticated.

It seems to take about 20 minutes for till the old password stops working,
20 minutes is the same as the session timeout.

Could I be reconnecting to the same session even though I've closed all
browsers?

Any ideas on how not to have this happened?

TIA


Tom Kaminski [MVP]

2005-03-21, 6:02 pm

"Michael" <michaelteff@hotmail.com> wrote in message
news:ujpUjUjLFHA.1948@TK2MSFTNGP14.phx.gbl...
> I've setup an ASP page to allow users to change their password from a
> website in ADS. The script I have is working, I can change the password,
> then login with a workstation with the new password and the old password
> won't work.
>
> However, if I connect to a website requiring basic authentication, both
> passwords work. I've tried closing all browsers to make sure its not
> locally cached, plus I've even logged in from a workstation that had no
> browsers open and had not previously been authenticated.
>
> It seems to take about 20 minutes for till the old password stops working,
> 20 minutes is the same as the session timeout.
>
> Could I be reconnecting to the same session even though I've closed all
> browsers?
>
> Any ideas on how not to have this happened?

This explains it:
http://support.microsoft.com/defaul...kb;en-us;152526

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsser...ty/centers/iis/
http://mvp.support.microsoft.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS


Michael

2005-03-21, 6:02 pm

Thanks for the info. I couldn't find that KB when I was looking, wasn't sure
what was being cached.


"Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message
news:ezzm2tkLFHA.3788@tk2msftngp13.phx.gbl...
> "Michael" <michaelteff@hotmail.com> wrote in message
> news:ujpUjUjLFHA.1948@TK2MSFTNGP14.phx.gbl...
>
> This explains it:
> http://support.microsoft.com/defaul...kb;en-us;152526
>
> --
> Tom Kaminski IIS MVP
> http://www.microsoft.com/windowsser...ty/centers/iis/
> http://mvp.support.microsoft.com/
> http://www.iistoolshed.com/ - tools, scripts, and utilities for running
> IIS
>
>


Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com