Description
Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the "Log on locally" privilege.
Affected products
- Microsoft / site_server3.0 – 3.0
- Microsoft / site_server3.0 – 3.0
- Microsoft / site_server3.0 – 3.0
- Microsoft / site_server3.0 – 3.0
- Microsoft / site_server3.0 – 3.0
- Microsoft / site_server3.0 – 3.0
- Microsoft / site_server3.0 – 3.0
- Microsoft / site_server3.0 – 3.0
- Microsoft / site_server_commerce3.0 – 3.0
- Microsoft / site_server_commerce3.0 – 3.0
- Microsoft / site_server_commerce3.0 – 3.0
- Microsoft / site_server_commerce3.0 – 3.0
- Microsoft / site_server_commerce3.0 – 3.0
References
- VENDOR_ADVISORYhttp://online.securityfocus.com/advisories/3843
- MISChttp://www.securityfocus.com/bid/3998
- MISChttp://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3BQ248840
- MISChttp://archives.neohapsis.com/archives/vulnwatch/2002-q1/0033.html
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/8048