Users login

Create an account »


Users login

Home » Hacking News » Microsoft IIS user existence disclosure vulnerability

Microsoft IIS user existence disclosure vulnerability

by Mario Miri on May 16th, 2003 When user attempts to authenticate against a vulnerable system, different messages are generated whether the user exists or not.

Microsoft IIS 4.0 alpha
Microsoft IIS 4.0
Microsoft IIS 5.0
Microsoft IIS 5.1

Currently there are no vendor supplied patches.

Discovered by:
[email protected]

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »