• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Microsoft Site Server 3.0 Default Account Vulnerability

Severity: HIGH

Description:

Microsoft Site Server is designed to run on Microsoft Windows NT Server platforms. It provides a means for users on a corporate intranet to share, publish, and find information. Site Server Commerce Edition incorporates the same features as well as providing an interface for e-commerce sites to interact and conduct business with customers and suppliers.

Site Server 3.0 uses the NT user account LDAP_Anonymous for some functions. Some versions of Site Server create this account with a known, consistant password. This user is added to the Guests group, and given the 'Log on locally' privilege. The password appears to be included in several DDLs used by Site Server, and may be impossible to change.

Although this account is created with few privileges, it does represent a trivial local compromise of the vulnerable host. Additionally, this account may be used to exploit additional vulnerabilities, including BID 4000, 4002, 4004 and 4005.

Affected Products:

• Microsoft Site Server 3.0.0 alpha
• Microsoft Site Server 3.0.0 i386
• Microsoft Site Server 3.0.0SP1 alpha
• Microsoft Site Server 3.0.0SP1 i386
• Microsoft Site Server 3.0.0SP2 alpha
• Microsoft Site Server 3.0.0SP2 i386
• Microsoft Site Server 3.0.0SP3 alpha
• Microsoft Site Server 3.0.0SP3 i386
• Microsoft Site Server Commerce Edition 3.0.0 alpha
• Microsoft Site Server Commerce Edition 3.0.0 i386
• Microsoft Site Server Commerce Edition 3.0.0SP1 alpha
• Microsoft Site Server Commerce Edition 3.0.0SP1 i386
• Microsoft Site Server Commerce Edition 3.0.0SP2 alpha
• Microsoft Site Server Commerce Edition 3.0.0SP2 i386
• Microsoft Site Server Commerce Edition 3.0.0SP3 alpha
• Microsoft Site Server Commerce Edition 3.0.0SP3 i386

References:

• Microsoft: Q248840: Possible Security Problem in LDAP_ANONYMOUS Account
• Microsoft: Site Server Product Homepage

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.