1.8
CVE-2007-2999
- EPSS 1.64%
- Veröffentlicht 04.06.2007 17:30:00
- Zuletzt bearbeitet 16.06.2026 22:40:51
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows 2003 Server Versiongold
Microsoft ≫ Windows 2003 Server Versionsp1
Microsoft ≫ Windows 2003 Server Versionsp2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.64% | 0.733 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 1.8 | 3.2 | 2.9 |
AV:A/AC:H/Au:N/C:P/I:N/A:N
|
http://osvdb.org/36138
http://secunia.com/advisories/25457
http://www.notsosecure.com/folder2/2007/05/27/logon-time-restrictions-in-a-domain-in-windows-server-2003-allows-username-enumeration/
http://www.securityfocus.com/bid/24248