VID 22067
Severity 30
Port 80, ...
Protocol TCP
Class WWW
Detailed Description The Microsoft Site Server web server is vulnerable to an information disclosure vulnerability.
The installation of Site Server 3.0 creates an LDAP_AnonymousUser account, which is used by the bundled LDAP service. Unfortunately, the password for this account is set to the fixed value 'LdapPassword_1', and the administrative pages in the /SiteServer/Admin/ virtual directory can be accessed by authenticating as LDAP_AnonymousUser. These pages include sensitive information.

For example:

- http://target.com/SiteServer/Admin/knowledge/dsmgr/users/GroupManager.asp
- http://target.com/SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp

These pages allow the visitor to create, modify, and potentially delete LDAP users and groups: arbitrary users can be added and placed in arbitrary groups, including the Admin group. Note: these are separate from Windows NT users and groups and are limited to the LDAP realm, and thus to the online web applications that rely on it.

- http://target.com/SiteServer/Admin/knowledge/persmbr/vs.asp
- http://target.com/SiteServer/Admin/knowledge/persmbr/VsTmPr.asp
- http://target.com/SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp
- http://target.com/SiteServer/Admin/knowledge/persmbr/VsPrAuoEd.asp

These all expose various LDAP service and backend configuration parameters.

Platforms Affected:
Site Server version 3.0
Recommendation Install SP4 or later for Site Server 3.0, and deny access to the /SiteServer/Admin/ directory by unauthorized sources and users.
Related URL CVE-2002-1769 (CVE)
Related URL 3998 (SecurityFocus)
Related URL 8048 (ISS)
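As an added defender-side example (not part of this entry or of the product), the following script reviews IIS W3C extended logs for successful requests into /SiteServer/Admin/ that come from outside an administrative network or that authenticate as LDAP_AnonymousUser, which supports the recommendation above to restrict that directory. The log lines, the field layout and the 10.1.1.0/24 allow-list are constructed for illustration.

```python
"""Flag successful requests into the Site Server /SiteServer/Admin/ tree that
come from outside an administrative network or authenticate as the
LDAP_AnonymousUser account. Log lines, field layout and allow-list below are
constructed for illustration (IIS writes a '#Fields:' header in W3C format)."""
import ipaddress
from typing import Dict, Iterable, List

ADMIN_PREFIX = "/siteserver/admin/"      # IIS URL paths are case-insensitive
SUSPECT_ACCOUNT = "ldap_anonymoususer"   # account named in the advisory
ADMIN_NETS = [ipaddress.ip_network("10.1.1.0/24")]  # constructed allow-list

# Constructed sample log in IIS W3C extended format.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username s-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-06-01 09:12:01 10.1.1.5 - 10.1.1.2 GET /default.asp - 200
2002-06-01 09:13:44 10.1.1.9 jdoe 10.1.1.2 GET /SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp - 200
2002-06-01 09:15:10 203.0.113.7 LDAP_AnonymousUser 10.1.1.2 GET /SiteServer/Admin/knowledge/persmbr/vs.asp - 200
2002-06-01 09:15:12 203.0.113.7 - 10.1.1.2 GET /SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp - 401
2002-06-01 09:16:30 198.51.100.4 - 10.1.1.2 GET /siteserver/admin/knowledge/dsmgr/users/GroupManager.asp - 200
"""


def parse_w3c(lines: Iterable[str]) -> List[Dict[str, str]]:
    # Turn W3C extended log lines into dicts keyed by the '#Fields:' names.
    fields, records = [], []
    for line in map(str.strip, lines):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            records.append(dict(zip(fields, line.split())))
    return records


def suspicious_admin_hits(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Successful admin-tree requests from non-admin hosts or the suspect account."""
    hits = []
    for rec in parse_w3c(lines):
        if not rec.get("cs-uri-stem", "").lower().startswith(ADMIN_PREFIX):
            continue
        if not rec.get("sc-status", "").startswith(("2", "3")):
            continue  # a denied (401/403) or failed request disclosed nothing
        client = ipaddress.ip_address(rec["c-ip"])
        from_admin_net = any(client in net for net in ADMIN_NETS)
        if rec.get("cs-username", "-").lower() == SUSPECT_ACCOUNT or not from_admin_net:
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for h in suspicious_admin_hits(SAMPLE_LOG.splitlines()):
        print(h["c-ip"], h["cs-username"], h["cs-uri-stem"], h["sc-status"])
```

On the constructed sample the two flagged records are the LDAP_AnonymousUser request from 203.0.113.7 and the lowercase-path request from 198.51.100.4; the 401 from the same external host is skipped because the server refused it.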