NT LsaQueryInformationPolicy() Domain SID Leak Vulnerability

The LsaQueryInformationPolicy() function can be used to retrieve an NT domain's SID from any workstation in that domain. This can be done remotely by an anonymous user through a null session. That SID can then be used to obtain lists of user's names and SIDs for brute force attacks.


 

Privacy Statement
Copyright 2010, SecurityFocus