Export (0) Print
Expand All

5.3.1 Unauthorized Client Connecting to an SSTP Server

In this scenario, an unauthorized attacker poses as a valid SSTP client and tries to connect to a valid SSTP server. The HTTPS connection goes through because the server does not authenticate the client at the SSL/TLS layer. The connection MUST be terminated by the SSTP server at the PPP layer after determining that the client has no proper user credentials. For more information, see [RFC1661].

9682b6df-71bd-48e3-9969-19e86ff0755b

Figure 9: Unauthorized client connecting to an SSTP server

 
Show:
© 2014 Microsoft