Insecure Password Storage in Microsoft Site Server 3.0
CVE-1999-1246
Currently unrated
What is CVE-1999-1246?
The Direct Mailer feature in Microsoft Site Server 3.0 has a critical vulnerability that involves storing user domain names and passwords in plaintext on the TMLBQueue network share. This share is configured with insecure default permissions, which allows remote attackers to gain unauthorized access to these credentials. As a result, attackers can exploit this vulnerability to escalate their privileges within the affected environment, posing a significant risk to data integrity and confidentiality.