
ArcGIS Server Manager Security Issue

Question asked by dkole on Jun 20, 2014
Latest reply on Jul 2, 2014 by basileChandesris
I see a very easily exploited security issue with the ArcGIS 10+ Server Manager login.
Instead of redirecting to a secured login page, a modal container is displayed on top of the page.
Very poor security design.

You can easily delete the LoginFormBackdrop in Chrome and circumvent the login.
Hacker's paradise.

To be secure, DO NOT Enable administrative access to your site through the Web Adaptor.
I don't know how ESRI let that go for so long without a fix.
