Insecure Password Storage in Microsoft Site Server 3.0
CVE-1999-1246

Currently unrated

Key Information:

Vendor: Microsoft
Status: Site Server
Vendor: CVE Published:; 31 December 1999

What is CVE-1999-1246?

The Direct Mailer feature in Microsoft Site Server 3.0 has a critical vulnerability that involves storing user domain names and passwords in plaintext on the TMLBQueue network share. This share is configured with insecure default permissions, which allows remote attackers to gain unauthorized access to these credentials. As a result, attackers can exploit this vulnerability to escalate their privileges within the affected environment, posing a significant risk to data integrity and confidentiality.

References

http://support.microsoft.com/support/kb/articles/Q229/9/7...

vendor-advisoryx_refsource_MSKB

https://exchange.xforce.ibmcloud.com/vulnerabilities/2068

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Aug 31, 2001
Vulnerability published
Dec 31, 1999