Microsoft Active Directory LDAP Server Username Enumeration Weakness

Microsoft Active Directory LDAP Server Username Enumeration Weakness

Microsoft Active Directory is prone to a username-enumeration weakness because of a design error in the application when verifying user-supplied input.

Attackers may exploit this weakness to discern valid usernames. This may aid them in brute-force password cracking or other attacks.

This issue affects Active Directory on these versions of Windows:

Windows 2000 SP4
Windows Server 2003 SP1 and SP2

Other versions may also be affected.