Insecure Password Storage in Microsoft Site Server 3.0
CVE-1999-1246

Currently unrated

Key Information:

Vendor

Microsoft

Vendor
CVE Published:
31 December 1999

What is CVE-1999-1246?

The Direct Mailer feature in Microsoft Site Server 3.0 has a critical vulnerability that involves storing user domain names and passwords in plaintext on the TMLBQueue network share. This share is configured with insecure default permissions, which allows remote attackers to gain unauthorized access to these credentials. As a result, attackers can exploit this vulnerability to escalate their privileges within the affected environment, posing a significant risk to data integrity and confidentiality.

References

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.