Sign-up

ID

VAR-199902-0037


CVE

CVE-1999-0407


TITLE

Microsoft IIS of IISADMPWD Vulnerability in obtaining user account information in virtual directories

Trust: 0.8

sources: JVNDB: JVNDB-1998-000001

DESCRIPTION

By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. Microsoft IIS is a popular web server package for Windows NT based platforms. Version 4.0 of IIS installs a remotely accessible directory, /IISADMPWD - mapped to c:\winnt\system32\inetsrv\iisadmpwd, which contains a number of vulnerable .HTR files. These were designed to allow system administrators the ability to provide HTTP based password change services to network users. The affected files, achg.htr, aexp*.htr, and anot*.htr can be used in this manner. A microsoft bulletin on the feature recommends using /IISADMPWD/aexp.htr for this purpose. Requesting one of the listed .htr files returns a form that requests the account name, current password, and changed password. This can be used to determine whether or not the account requested exists on the host, as well as conduct brute force attacks. If the account does not exist, the message "invalid domain" is returned - if it does, but the password change was unsuccessful, the attacker is notified. This be used against the server and against other machines connected to the local network (and possibly even other machines on the internet), by preceding the account name with an IP address and a backslash. (e.g., XXX.XXX.XXX.XXX\ACCOUNT) The server contacts the networked machine through the NetBIOS session port and attempts to change the password

Trust: 1.89

sources: NVD: CVE-1999-0407 // JVNDB: JVNDB-1998-000001 // BID: 2110

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information serverscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 1.1

sources: BID: 2110 // JVNDB: JVNDB-1998-000001 // CNNVD: CNNVD-199902-018 // NVD: CVE-1999-0407

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-0407
value: HIGH

Trust: 1.0

NVD: CVE-1999-0407
value: HIGH

Trust: 0.8

CNNVD: CNNVD-199902-018
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-1999-0407
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-1998-000001 // CNNVD: CNNVD-199902-018 // NVD: CVE-1999-0407

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-0407

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199902-018

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-199902-018

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-1998-000001

PATCH
title:Top Pageurl:http://www.microsoft.com/ja/jp/default.aspx
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-1998-000001

EXTERNAL IDS
db:NVDid:CVE-1999-0407
Trust: 2.4
db:BIDid:2110
Trust: 1.1
db:JVNDBid:JVNDB-1998-000001
Trust: 0.8
db:BUGTRAQid:19990209 RE: IIS4 ALLOWS PROXIED PASSWORD ATTACKS OVER NETBIOS
Trust: 0.6
db:BUGTRAQid:19990209 ALERT: IIS4 ALLOWS PROXIED PASSWORD ATTACKS OVER NETBIOS
Trust: 0.6
db:CNNVDid:CNNVD-199902-018
Trust: 0.6
sources:
            
            
            BID: 2110 // 
            
            
            
            JVNDB: JVNDB-1998-000001 // 
            
            
            
            CNNVD: CNNVD-199902-018 // 
            
            
            
            NVD: CVE-1999-0407

REFERENCES
url:http://marc.info/?l=bugtraq&m=91983486431506&w=2
Trust: 1.0
url:http://marc.info/?l=bugtraq&m=92000623021036&w=2
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-1999-0407
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-1999-0407
Trust: 0.8
url:http://www.securityfocus.com/bid/2110
Trust: 0.8
url:http://marc.theaimsgroup.com/?l=bugtraq&m=92000623021036&w=2
Trust: 0.6
url:http://marc.theaimsgroup.com/?l=bugtraq&m=91983486431506&w=2
Trust: 0.6
url:http://support.microsoft.com/support/kb/articles/q184/6/19.asp
Trust: 0.3
sources:
            
            
            BID: 2110 // 
            
            
            
            JVNDB: JVNDB-1998-000001 // 
            
            
            
            CNNVD: CNNVD-199902-018 // 
            
            
            
            NVD: CVE-1999-0407

CREDITS
David Litchfield※ mnemonix@globalnet.co.uk
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-199902-018

SOURCES
db:BIDid:2110
db:JVNDBid:JVNDB-1998-000001
db:CNNVDid:CNNVD-199902-018
db:NVDid:CVE-1999-0407

LAST UPDATE DATE
2024-08-14T14:48:22.700000+00:00

SOURCES UPDATE DATE
db:BIDid:2110date:1998-02-09T00:00:00
db:JVNDBid:JVNDB-1998-000001date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-199902-018date:2005-05-02T00:00:00
db:NVDid:CVE-1999-0407date:2016-10-18T01:59:17.610

SOURCES RELEASE DATE
db:BIDid:2110date:1998-02-09T00:00:00
db:JVNDBid:JVNDB-1998-000001date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-199902-018date:1998-02-09T00:00:00
db:NVDid:CVE-1999-0407date:1999-02-09T05:00:00