5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.029 Low
EPSS
Percentile
90.8%
The Microsoft IIS FTP Service contains a vulnerability that allows remote attackers to log in using domain accounts without providing a specific domain name.
The Microsoft IIS FTP Service allows users to establish connections using either local accounts or Windows domain accounts. Connections made using a domain account require a username of the form “domain\ser” to distinguish them from local accounts. The FTP Service contains an access control vulnerability that causes the server to search all trusted domains for a matching domain account when the “domain” portion of the username contains a certain wildcard value. Once a matching domain account is found, the user must provide a correct password to gain access.
This vulnerability requires the attacker to provide a correct password, so the most likely accounts to be targeted are those that contain a well-known username and default password. For example, if any of the domains trusted by the server contain an enabled Guest account with a default (null) password, the FTP Service will use that account to log the user in as “Domain\Guest”.
This vulnerability allows remote users to log in using a domain account without fully specifying the domain. This may result in either unauthorized file transfer access or information leakage.
Apply a patch from your vendor
Microsoft has released a patch for this vulnerability; for further information, please consult the systems affected section below.
Disable IIS FTP Service
Sites that do not require the IIS FTP Service may disable it to prevent exploitation of this vulnerability.
137544
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: September 18, 2001
Affected
Microsoft has addressed this vulnerability in the following Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/MS01-026.asp
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has archived Microsoft’s announcement of MS01-026 at
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This document was written by Jeffrey P. Lanza and is based on information from Microsoft.
CVE IDs: | CVE-2001-0335 |
---|---|
Severity Metric: | 10.13 Date Public: |