Microsoft Site Server LDAP Plain Text Password Storage Vulnerability
by Nikola Strahija on February 3rd, 2002
Microsoft Site Server is designed to run on Microsoft Windows NT Server platforms. It provides a means for users on a corporate intranet to share, publish, and find information. Site Server Commerce Edition incorporates the same features and also provides an interface for e-commerce sites to interact and conduct business with customers and suppliers.
An issue has been discovered in Site Server which could allow a remote user to read sensitive data.
Due to a design flaw, the LDAP members' passwords are stored in plain text. Any user, including unprivileged anonymous users, can therefore gain knowledge of other users' passwords.
It has been reported that NT domain accounts can also gain access to this information.
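The flaw described above is a general one: a directory entry that carries the password itself gives every reader of that entry the password. The added example below (illustrative code written for this page, not Site Server code and not its LDAP schema) models a directory as an in-memory dictionary and contrasts the weak design, a plain-text `password` attribute, with the hardened design, a salted PBKDF2-HMAC-SHA256 verifier that lets the service check a login without a reader of the entry learning the password. It also includes the audit check a defender would run over an exported directory to find entries still holding plain-text passwords. All entry names, attribute names and sample users are constructed for the example.

```python
import hashlib
import hmac
import os

# Toy directory: {member_name: {attribute: value}}. Constructed for this
# example; it is not the Site Server member schema.


def store_plaintext(directory, member, password):
    """Weak design: the password is stored as-is, so anyone who can read
    the entry (including an anonymous bind, as in the advisory) recovers it."""
    directory[member] = {"password": password}


def store_hashed(directory, member, password, iterations=100_000):
    """Hardened design: store only a salted, iterated hash (a verifier).
    PBKDF2-HMAC-SHA256 is used here as one reasonable choice; the salt is
    random per member so equal passwords do not produce equal entries."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    directory[member] = {"salt": salt, "iterations": iterations, "digest": digest}


def verify_hashed(directory, member, password):
    """Check a login attempt against the stored verifier. Recomputes the hash
    with the stored salt and compares in constant time."""
    entry = directory.get(member)
    if entry is None or "digest" not in entry:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), entry["salt"], entry["iterations"]
    )
    return hmac.compare_digest(candidate, entry["digest"])


def recoverable_password(entry):
    """What a reader of one entry learns: the password itself for the weak
    design, or None for the hashed design (the verifier alone does not
    reveal the password)."""
    return entry.get("password")


def find_plaintext_entries(directory):
    """Defender's audit: list members whose entry still carries a plain-text
    password attribute, e.g. when run over a directory export."""
    return sorted(member for member, entry in directory.items() if "password" in entry)


if __name__ == "__main__":
    weak, hardened = {}, {}
    store_plaintext(weak, "alice", "s3cret")
    store_hashed(hardened, "alice", "s3cret")
    print("weak entry reveals:", recoverable_password(weak["alice"]))
    print("hardened entry reveals:", recoverable_password(hardened["alice"]))
    print("login with correct password:", verify_hashed(hardened, "alice", "s3cret"))
    print("login with wrong password:", verify_hashed(hardened, "alice", "guess"))
    print("audit finds plain-text entries:", find_plaintext_entries({**weak}))
```

The audit function is the useful part operationally: run over an exported copy of the directory it lists exactly the members whose entries still need migrating to verifier storage, which is the remediation this class of flaw calls for regardless of which directory product holds the data.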