Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Once the device and account authentications succeed, the SSTP protocol does not secure any subsequent messages. This makes it possible for an active attacker to hijack the TCP session, and to cause denial of service for the originally connected client. In some scenarios, this also makes it possible for an active attacker to receive messages targeted for the originally authenticated client (such as when both attacker and victim are on the same LAN).