Описание
The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
Ссылки
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:microsoft:windows:server_2003:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.36452
Средний
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
больше 3 лет назад
The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
EPSS
Процентиль: 97%
0.36452
Средний
5 Medium
CVSS2
Дефекты
CWE-200