AnsweredAssumed Answered

ArcGIS Server Manager Security Issue

Question asked by dkole on Jun 20, 2014
Latest reply on Jul 2, 2014 by basileChandesris
I see very easily exploited security issue with the ArcGIS 10+ Server Manager login.
Instead of redirecting to secured login page, a modal container is displayed on top of the page.
Very poor security design.

You can easily delete the LoginFormBackdrop in Chrome and circumvent the login.
Hacker's paradise.


To be secure, DO NOT  Enable administrative access to your site through the Web Adaptor.
I don't know how ESRI let that go for so long without a fix.