I see very easily exploited security issue with the ArcGIS 10+ Server Manager login.
Instead of redirecting to secured login page, a modal container is displayed on top of the page.
Very poor security design.
You can easily delete the LoginFormBackdrop in Chrome and circumvent the login.
Hacker's paradise.
[ATTACH=CONFIG]34767[/ATTACH]
To be secure, DO NOT Enable administrative access to your site through the Web Adaptor.
I don't know how ESRI let that go for so long without a fix.
[ATTACH=CONFIG]34768[/ATTACH]