Microsoft Active Directory Logon Hours Username Enumeration Weakness

Microsoft Active Directory is prone to a username-enumeration weakness because of a design error in the application when verifying user-supplied input.

Attackers may exploit this weakness to discern valid usernames. This may aid them in brute-force password cracking or other attacks.

Microsoft Active Directory on Microsoft Windows Server 2003 Standard Edition is vulnerable; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus