5

CVE-2008-5112

Exploit
The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows Versionserver_2003 Updatesp1
MicrosoftWindows Versionserver_2003 Updatesp2
MicrosoftWindows 2000 Version- Updatesp4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 19.97% 0.971
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://labs.portcullis.co.uk/application/ldapuserenum/
http://www.portcullis-security.com/294.php
http://www.securityfocus.com/bid/32305
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/46628