Microsoft Site Server is designed to run on Microsoft Windows NT Server platforms. It provides a means for users on a corporate intranet to share, publish, and find information. Site Server Commerce Edition incorporates the same features as well as providing an interface for e-commerce sites to interact and conduct business with customers and suppliers. BugTraq ID 3998 "Microsoft Site Server 3.0 Default Account Vulnerability" describes an issue regarding the existence of a default anonymous LDAP account. The vendor has patched this issue by providing a randomly generated password for the anonymous LDAP account each time the ldapsvc service is started. However, a vulnerability has been discovered in the way that the random LDAP_Anonymous password is generated. This vulnerability is conditional. On systems which do not use schannel.dll, the salt for the LDAP_Anonymous password is the time it was generated. Furthermore, if a remote attacker is able to access port 139 to make a null...
Microsoft Site Server is designed to run on Microsoft Windows NT Server platforms. It provides a means for users on a corporate intranet to share, publish, and find information. Site Server Commerce Edition incorporates the same features as well as providing an interface for e-commerce sites to interact and conduct business with customers and suppliers. BugTraq ID 3998 "Microsoft Site Server 3.0 Default Account Vulnerability" describes an issue regarding the existence of a default anonymous LDAP account. The vendor has patched this issue by providing a randomly generated password for the anonymous LDAP account each time the ldapsvc service is started. However, a vulnerability has been discovered in the way that the random LDAP_Anonymous password is generated. This vulnerability is conditional. On systems which do not use schannel.dll, the salt for the LDAP_Anonymous password is the time it was generated. Furthermore, if a remote attacker is able to access port 139 to make a null session netbios query, they may be able to deduce the approximate time the password was generated. On systems which restrict access to port 139 and have schannel.dll installed, this is not an issue.
