[PEN-TEST] sdiis.dll (part of SecurID?)

From: Vanja Hrustic (vanjaat_private)
Date: Fri Apr 13 2001 - 07:58:49 PDT

    I would like to check if anyone using SecurID maybe knows what 'sdiis.dll' is used for (it is found on an IIS4 server)?
    
    Basically, any request for any page (valid or invalid) on a site will result in redirection to 'sdiis.dll' and a prompt for id/pass. However, there is a very silly way to bypass it by requesting a URL like:
    
    http://www.example.org/sdiis.dll/../some_directory_or_file
    
    I sent a question to RSA (hope SecurID is still theirs) a few months ago, but no reply. The client (where this was found) was not able to help (didn't get an answer about this issue, but the server was not used for anything, so they didn't consider it 'important').
    
    What I would really like to understand is what 'sdiis.dll' is part of, and what is its function?
    
    A search on Google/AltaVista did not reveal anything (well, found one site using it, but I'm not going to 'test' on their server).
    
    Thanks in advance.
    
    --
    
    Vanja Hrustic
    The Relay Group
    http://relaygroup.com
    Technology Ahead of Time
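
A defensive check for the request shape described in the post, as an added example that is not part of the original message: it decodes a request target, collapses dot segments, and flags targets that enter through `sdiis.dll` but resolve outside it. The sample targets are constructed, and the double decoding and backslash handling are assumptions about how a Windows web server may canonicalize paths.

```python
import posixpath
from urllib.parse import unquote, urlsplit

AUTH_HANDLER = "/sdiis.dll"  # handler name taken from the post


def decoded_path(raw_target: str) -> str:
    """Path component with percent-encoding and backslashes undone."""
    path = urlsplit(raw_target).path
    for _ in range(2):  # second pass catches double-encoded dots (%252e)
        path = unquote(path)
    # Assumption: the server treats '\' as a path separator.
    return "/" + path.replace("\\", "/").lstrip("/")


def under_handler(path: str) -> bool:
    p = path.lower()  # Windows paths are case-insensitive
    return p == AUTH_HANDLER or p.startswith(AUTH_HANDLER + "/")


def classify(raw_target: str) -> tuple[str, str]:
    """Return (verdict, resolved_path) for one request target."""
    path = decoded_path(raw_target)
    resolved = posixpath.normpath(path)  # collapses '.' and '..' segments
    if under_handler(path) and not under_handler(resolved):
        return "handler-escape", resolved
    if ".." in path.split("/"):
        return "dot-segments", resolved
    return "ok", resolved


def scan(targets):
    """Yield (target, verdict, resolved) for every non-ok target."""
    for t in targets:
        verdict, resolved = classify(t)
        if verdict != "ok":
            yield t, verdict, resolved


# Constructed sample request targets, not taken from any real log.
SAMPLES = [
    "/index.htm",
    "/sdiis.dll?target=/index.htm",
    "/sdiis.dll/../some_directory_or_file",
    "/SDIIS.DLL/%2e%2e/private/report.htm",
    "/sdiis.dll/..%5cadmin/",
    "/docs/../index.htm",
]

if __name__ == "__main__":
    for target, verdict, resolved in scan(SAMPLES):
        print(f"{verdict:15} {target} -> {resolved}")
```

The same canonicalize-then-authorize order applies to the access check itself: the decision should be made on the resolved path, not on the raw target.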
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 08:39:37 PDT