Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:1817 |
| Message | WEB-IIS MS Site Server default login attempt |
| Summary | This event is generated when an attempt is made to log on to Microsoft Site Server with a default account. |
| Impact | Information gathering. This attack may permit leaking of information associated with particular Site Server files. |
| Detailed Information | Microsoft Site Server is software for Windows NT servers that allows users to publish, find, and share information. There is a vulnerability that allows leaking of information of some Site Server files when an attacker logs on with the username of 'LDAP_AnonymousUser' and a password of 'LdapPassword_1'. |
| Affected Systems | Microsoft Site Server 3.0 |
| Attack Scenarios | An attacker can log on to Site Server using a default username and password to view Site Server files. |
| Ease of Attack | Simple. |
| Corrective Action | Apply Service Pack 4. |
| Additional References | Nessus http://cgi.nessus.org/plugins/dump.php3?id=11018 |
| Rule References | nessus: 11018 |
--
DID:352951
--
http://www.aanval.com/