
5.3.1 Unauthorized Client Connecting to an SSTP Server

In this scenario, an unauthorized attacker poses as a valid SSTP client and tries to connect to a valid SSTP server. The HTTPS connection goes through because the server does not authenticate the client at the SSL/TLS layer. The connection MUST be terminated by the SSTP server at the PPP layer after determining that the client has no proper user credentials. For more information, see [RFC1661].


Figure 9: Unauthorized client connecting to an SSTP server
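The following is an added example, not part of the specification: a log audit that counts, per source, sessions that passed TLS but failed PPP authentication, and flags any session that breaks the termination rule above. The event format, the layer and outcome names, and the function names are hypothetical, and the sample events are constructed.

```python
from collections import Counter

# Constructed sample events in a hypothetical "time session source layer outcome"
# format; this is not a real SSTP server log layout.
SAMPLE_EVENTS = """\
2014-05-01T10:00:01Z s1 198.51.100.7 TLS established
2014-05-01T10:00:02Z s1 198.51.100.7 PPP auth-failed
2014-05-01T10:00:02Z s1 198.51.100.7 SSTP terminated
2014-05-01T10:00:05Z s2 198.51.100.7 TLS established
2014-05-01T10:00:06Z s2 198.51.100.7 PPP auth-failed
2014-05-01T10:00:06Z s2 198.51.100.7 SSTP terminated
2014-05-01T10:01:00Z s3 203.0.113.20 TLS established
2014-05-01T10:01:01Z s3 203.0.113.20 PPP auth-ok
2014-05-01T10:01:02Z s3 203.0.113.20 SSTP data
2014-05-01T10:02:00Z s4 192.0.2.33 TLS established
2014-05-01T10:02:01Z s4 192.0.2.33 PPP auth-failed
2014-05-01T10:02:03Z s4 192.0.2.33 SSTP data
"""

def audit(log_text):
    """Return (PPP failures per source, sessions that break the termination rule)."""
    state = {}            # session id -> last authentication-relevant state
    failures = Counter()  # source address -> PPP authentication failures
    violations = []       # (session id, reason)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, sid, src, layer, outcome = line.split()
        if (layer, outcome) == ("TLS", "established"):
            state[sid] = "unauthenticated"  # TLS success proves nothing about the user
        elif (layer, outcome) == ("PPP", "auth-ok"):
            state[sid] = "authenticated"
        elif (layer, outcome) == ("PPP", "auth-failed"):
            state[sid] = "rejected"
            failures[src] += 1
        elif (layer, outcome) == ("SSTP", "terminated"):
            state[sid] = "closed"
        elif (layer, outcome) == ("SSTP", "data") and state.get(sid) != "authenticated":
            violations.append((sid, "data before PPP authentication succeeded"))
    # A session still marked "rejected" was never torn down after the failure.
    violations += [(s, "not terminated after PPP failure")
                   for s, st in state.items() if st == "rejected"]
    return failures, violations

def repeat_offenders(failures, threshold=2):
    """Sources with at least `threshold` TLS-then-PPP-failure sessions."""
    return sorted(src for src, n in failures.items() if n >= threshold)
```

On the sample events, session s4 is reported twice: it carried data without successful PPP authentication and was never terminated after the failure.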

© 2014 Microsoft