Microsoft Site Server remind.asp Information Disclosure

2002-01-30T00:00:00
ID OSVDB:17664
Type osvdb
Reporter RFP(rfp@wiretrip.net)
Modified 2002-01-30T00:00:00

Description

Vulnerability Description

Microsoft Site Server contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when the 'LDAP_Anonymous' account is used to access the 'remind.asp' script, which discloses the password reminder for any LDAP user, resulting in a loss of confidentiality. While not considered critical, this information can lead to more focused and precise attacks.

Technical Description

The patch prevents the 'LDAP_Anonymous' account from accessing these scripts. However, a valid NT account can still be used to disclose the information.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

References:

Vendor URL: http://www.microsoft.com/
Snort Signature ID: 1817
Snort Signature ID: 1818
Security Tracker: 1003420
Related OSVDB IDs: 17655, 17658, 17661, 17663, 17664, 17666, 17668, 17656, 17660, 17667, 17669, 17652, 17654, 17657, 17670, 831, 17653, 17659, 17662, 17665, 17671
Nessus Plugin ID: 11018
Microsoft Knowledge Base Article: 248840
Mail List Post: http://marc.theaimsgroup.com/?l=vulnwatch&m=101235440104716&w=2