Microsoft Active Directory Logon Hours Username Enumeration Weakness
BID:24248
Info
| Bugtraq ID: | 24248 |
| Class: | Design Error |
| CVE: | CVE-2007-2999 |
| Remote: | Yes |
| Local: | No |
| Published: | May 31 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | Sumit Siddharth is credited with the discovery of this vulnerability. |
| Vulnerable: | Microsoft Windows Server 2003 Standard Edition SP2; Microsoft Windows Server 2003 Standard Edition SP1 Beta 1; Microsoft Windows Server 2003 Standard Edition SP1; Microsoft Windows Server 2003 Standard Edition |
| Not Vulnerable: | |
Discussion
Microsoft Active Directory is prone to a username-enumeration weakness because of a design error in the application when verifying user-supplied input.
Attackers may exploit this weakness to discern valid usernames. This may aid them in brute-force password cracking or other attacks.
Microsoft Active Directory on Microsoft Windows Server 2003 Standard Edition is vulnerable; other versions may also be affected.
Exploit / POC
An attacker may use the Microsoft Windows Active Directory logon interface to exploit this issue.
Solution / Fix
Solution:
This issue will likely be fixed in the next version or service pack of Microsoft Windows Server 2003 Standard Edition; please contact the vendor for more information.
References
References:
- Logon Time Restrictions in a Domain in Windows Server 2003 allows Username Enume (www.notsosecure.com)
- Vendor Home Page (Microsoft)