Description: This event is generated when an attempt is made to request an HTTP-based password change.
Impact: Information gathering/remote access. Error messages from failed password changes can indicate whether a given account exists on the server. Successful password changes can allow remote access to the server.
Corrective: Remove the IISADMPWD virtual directory to disable remote password changes. Consider running the IIS Lockdown Tool to disable HTR functionality.