CVE-1999-1246

Currently unrated

Key Information:

Vendor: Microsoft
Status: Site Server
Vendor: CVE Published:; 31 December 1999

Summary

Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges.

References

http://support.microsoft.com/support/kb/articles/Q229/9/7...

vendor-advisoryx_refsource_MSKB

https://exchange.xforce.ibmcloud.com/vulnerabilities/2068

vdb-entryx_refsource_XF

EPSS Score

14% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Aug 31, 2001
Vulnerability published
Dec 31, 1999

Collectors

NVD DatabaseMitre Database