Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the Log on locally privilege.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Site_server | Microsoft | 3.0 (including) | 3.0 (including) |
| Site_server | Microsoft | 3.0-apha (including) | 3.0-apha (including) |
| Site_server | Microsoft | 3.0-sp1 (including) | 3.0-sp1 (including) |
| Site_server | Microsoft | 3.0-sp1_alpha (including) | 3.0-sp1_alpha (including) |
| Site_server | Microsoft | 3.0-sp2 (including) | 3.0-sp2 (including) |
| Site_server | Microsoft | 3.0-sp2_alpha (including) | 3.0-sp2_alpha (including) |
| Site_server | Microsoft | 3.0-sp3 (including) | 3.0-sp3 (including) |
| Site_server | Microsoft | 3.0-sp3_alpha (including) | 3.0-sp3_alpha (including) |
| Site_server_commerce | Microsoft | 3.0 (including) | 3.0 (including) |
| Site_server_commerce | Microsoft | 3.0-alpha (including) | 3.0-alpha (including) |
| Site_server_commerce | Microsoft | 3.0-sp1_alpha (including) | 3.0-sp1_alpha (including) |
| Site_server_commerce | Microsoft | 3.0-sp2_alpha (including) | 3.0-sp2_alpha (including) |
| Site_server_commerce | Microsoft | 3.0-sp3_alpha (including) | 3.0-sp3_alpha (including) |
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0033.html
- http://online.securityfocus.com/advisories/3843
- http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3BQ248840
- http://www.securityfocus.com/bid/3998
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8048
- http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0033.html
- http://online.securityfocus.com/advisories/3843
- http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3BQ248840
- http://www.securityfocus.com/bid/3998
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8048