Credential Disclosure in Microsoft Project Server 2003
CVE-2006-6617
Currently unrated
What is CVE-2006-6617?
The Project Server component in Microsoft Project Server 2003 contains a vulnerability that allows remote authenticated users to obtain sensitive credentials, specifically the MSProjectUser password for a SQL database. The disclosure happens in the response to a GetInitializationData request, which exposes the password information in its UserName and Password tags. Mitigating this vulnerability is crucial to prevent unauthorized access and potential data breaches.