locked
Disable Version String of CRM 2011 in Response RRS feed

  • Question

  • Hi there,

    I hope someone can give me an answer if this is possible:

    I just intercepted some traffic when I was logging into CRM 2011 with an Interception Proxy (Burp). I noticed that during the login phase, one of the responses I got from the server contained the full version of the Server:

    var HELP_SERVER_URL = '';
    var WEB_SERVER_HOST = 'some-url';
    var WEB_SERVER_PORT = 443;
    var APPLICATION_VERSION = '5.0';
    var APPLICATION_FULL_VERSION = '5.0.9690.2165';

    So my question is: Is it possible to configure the Microsoft Dynamics CRM 2011 server, so that he won't send out the version string?

    Maybe this is paranoia for some of you, but I don't want that everybody can see the exact version string and patch level of my CRM 2011  Server and can easily search for an exploit.

    Thx in advance and Cheers.




    • Edited by Mor-ph-eus Friday, September 21, 2012 12:03 PM
    Friday, September 21, 2012 12:02 PM

All replies

  • I'm 99% certain Microsoft do not allow you to change this.

    And even if you could, hackers\users can easily just lookup the version directly from the application by navigating to, 

    File -> Help -> About Microsoft Dynamics CRM.


    John Grace (Founder, North52) Simplifying CRM & xRM development
    How? Check out the Free Community Edition of Formula Manager at, North52

    Friday, September 21, 2012 2:10 PM
  • Thx for your quick response. 

    I thought so, that it's not possible. If the string wouldn't be send to the client you would of course not see the version in the "About" Window ;-)

    Cheers.

    Saturday, September 22, 2012 6:34 AM