Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability

Microsoft Exchange 2000 Server is a messaging and collaboration application designed specifically for Windows 2000.

During the installation of Exchange 2000 Server, the user account EUSR_EXSTOREEVENT is created automatically. It is assigned a simple hard-coded password, and the privileges the account holds depend on the type of server Exchange is installed on. If Exchange is installed on a member server, EUSR_EXSTOREEVENT has privileges equivalent to a normal local user. However, if it is installed on a domain controller, the account possesses Domain User rights, which heightens the impact a malicious user may have because their actions may span an entire domain.

A remote intruder who knows the username and password could log on to Exchange 2000 Server. Successful exploitation would grant access to files for which the EUSR_EXSTOREEVENT account has read, write, and execute permissions. The malicious user may also install other programs or exploit other vulnerabilities to escalate their privilege level.
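
An audit check for the account described above, added here as an example and not taken from the advisory or from Microsoft. It assumes an administrative workstation with PowerShell and rights to query the target over the ADSI WinNT provider; the `$Server` list and the function name are hypothetical.

```powershell
# Added audit example; not part of the original advisory.
# Assumption: run from an administrative workstation with rights to query the target.
param(
    [string[]]$Server = @($env:COMPUTERNAME)   # hypothetical list of Exchange 2000 hosts
)

$AccountName           = 'EUSR_EXSTOREEVENT'   # account name given in the advisory
$ADS_UF_ACCOUNTDISABLE = 0x2                   # ADSI UserFlags bit: account disabled

function Get-StoreEventAccountStatus {
    param([string]$ComputerName)

    # On a member server this resolves a local account, on a domain controller a domain account
    $path   = "WinNT://$ComputerName/$AccountName,user"
    $result = [ordered]@{
        Server = $ComputerName; Account = $AccountName; Present = $false
        Enabled = $null; PasswordAgeDays = $null; Groups = $null; Note = $null
    }
    try {
        if ([System.DirectoryServices.DirectoryEntry]::Exists($path)) {
            $user  = [ADSI]$path
            $flags = [int]$user.UserFlags.Value
            $result.Present = $true
            $result.Enabled = -not ($flags -band $ADS_UF_ACCOUNTDISABLE)
            # PasswordAge is reported in seconds since the password was last set
            $result.PasswordAgeDays = [math]::Round($user.PasswordAge.Value / 86400, 1)
            # Group membership shows how far the account's rights extend
            $result.Groups = ($user.psbase.Invoke('Groups') | ForEach-Object {
                $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
            }) -join ', '
        }
    }
    catch {
        # The provider may throw instead of returning $false; keep the reason for review
        $result.Note = $_.Exception.Message
    }
    [pscustomobject]$result
}

$Server | ForEach-Object { Get-StoreEventAccountStatus -ComputerName $_ } |
    Format-Table -AutoSize
```

A row with `Present` and `Enabled` both true and a password age dating back to the Exchange installation marks a host to follow up on.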


Copyright 2010, SecurityFocus