VULHUB ™

Microsoft Office SharePoint Portal Server is reported prone to a local information disclosure weakness. The vulnerability presents itself when SharePoint Portal Server components are being installed by a user account that employs a password credential containing a prefixed '-' character. Under these circumstances the SharePoint Portal Server component installation will fail and the password for the user account used to install the software will be logged to the following file: '%WinDir%\temp\STSADM.log-setup_{date} {time}.log'. A local attacker may peruse the aforementioned log files in the hopes that they contain the password of a target user.

Microsoft Office SharePoint Portal Server is reported prone to a local information disclosure weakness. The vulnerability presents itself when SharePoint Portal Server components are being installed by a user account that employs a password credential containing a prefixed '-' character. Under these circumstances the SharePoint Portal Server component installation will fail and the password for the user account used to install the software will be logged to the following file: '%WinDir%\temp\STSADM.log-setup_{date} {time}.log'. A local attacker may peruse the aforementioned log files in the hopes that they contain the password of a target user.