Simple Sharepoint Denial of Service Attack

If someone can guess the name of your Sharepoint service account they can easily make a denial of service attack on your Sharepoint installation.

In Sharepoint 2007 this is particularly easy as the option to login as another user is available on every page.

All the attacker needs to do is try and login as the service account.  If they get the password wrong enough times to get the account locked, your whole Sharepoint site will stop working!

What can you do about this?

  • Use an obscure username for your account – security through obscurity is never the best approach
  • Increase the number of wrong password attempts before an account is locked (or remove this setting altogether)
  • Remove the Login as another user

The last step is absolutely essential if your Sharepoint site is available on the public internet.  It is relatively easy for a malicious person to identify your public site as a Sharepoint site.  Luckily our public web site is not built on Sharepoint!

How much of a threat?

It’s denial of service so the damage is proportionate to how long it takes you to recover, and what a loss of access means to your organisation.

How to recover?

You’ll need to reenable the Service account through active directory.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s