Microsoft Site Server 3.0 Default Account Vulnerability

Microsoft Site Server 3.0 Default Account Vulnerability

Microsoft Site Server is designed to run on Microsoft Windows NT Server platforms. It provides a means for users on a corporate intranet to share, publish, and find information. Site Server Commerce Edition incorporates the same features as well as providing an interface for e-commerce sites to interact and conduct business with customers and suppliers.

By default, Site Server 3.0 the NT user account LDAP_Anonymous with a known password and local login privileges. In addition to local access, this may allow an attacker to exploit vulnerabilites such as BID 4000, 4002, 4004 and 4005.