Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Microsoft Site Server LDAP Plain Text Password Storage Vulnerability

Microsoft Site Server LDAP Plain Text Password Storage Vulnerability

by Nikola Strahija on February 3rd, 2002 Due to a design flaw, the LDAP members passwords are stored in plain text. Any user, including unprivileged anonymous users, can gain knowledge of user passwords.


Microsoft Site Server is designed to run on Microsoft Windows NT Server platforms. It provides a means for users on a corporate intranet to share, publish, and find information. Site Server Commerce Edition incorporates the same features as well as providing an interface for e-commerce sites to interact and conduct business with customers and suppliers.

An issue has been discovered in Site Server, which could allow a remote user to peruse sensitive data.

Due to a design flaw, the LDAP members passwords are stored in plain text. Any user, including unprivileged anonymous users, can gain knowledge of user passwords.

It has been reported that NT domain accounts can also gain access to this information.




Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »