ID

VAR-199902-0037


CVE

CVE-1999-0407


TITLE

Microsoft IIS of IISADMPWD Vulnerability in obtaining user account information in virtual directories

Trust: 0.8

sources: JVNDB: JVNDB-1998-000001

DESCRIPTION

By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. Microsoft IIS is a popular web server package for Windows NT based platforms. Version 4.0 of IIS installs a remotely accessible directory, /IISADMPWD - mapped to c:\winnt\system32\inetsrv\iisadmpwd, which contains a number of vulnerable .HTR files. These were designed to allow system administrators the ability to provide HTTP based password change services to network users. The affected files, achg.htr, aexp*.htr, and anot*.htr can be used in this manner. A microsoft bulletin on the feature recommends using /IISADMPWD/aexp.htr for this purpose. Requesting one of the listed .htr files returns a form that requests the account name, current password, and changed password. This can be used to determine whether or not the account requested exists on the host, as well as conduct brute force attacks. If the account does not exist, the message "invalid domain" is returned - if it does, but the password change was unsuccessful, the attacker is notified. This be used against the server and against other machines connected to the local network (and possibly even other machines on the internet), by preceding the account name with an IP address and a backslash. (e.g., XXX.XXX.XXX.XXX\ACCOUNT) The server contacts the networked machine through the NetBIOS session port and attempts to change the password

Trust: 1.89

sources: NVD: CVE-1999-0407 // JVNDB: JVNDB-1998-000001 // BID: 2110

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information serverscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 1.1

sources: BID: 2110 // JVNDB: JVNDB-1998-000001 // CNNVD: CNNVD-199902-018 // NVD: CVE-1999-0407

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-0407
value: HIGH

Trust: 1.0

NVD: CVE-1999-0407
value: HIGH

Trust: 0.8

CNNVD: CNNVD-199902-018
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-1999-0407
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-1998-000001 // CNNVD: CNNVD-199902-018 // NVD: CVE-1999-0407

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-0407

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199902-018

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-199902-018

CONFIGURATIONS

sources: JVNDB: JVNDB-1998-000001

PATCH

title:Top Pageurl:http://www.microsoft.com/ja/jp/default.aspx

Trust: 0.8

sources: JVNDB: JVNDB-1998-000001

EXTERNAL IDS

db:NVDid:CVE-1999-0407

Trust: 2.4

db:BIDid:2110

Trust: 1.1

db:JVNDBid:JVNDB-1998-000001

Trust: 0.8

db:BUGTRAQid:19990209 RE: IIS4 ALLOWS PROXIED PASSWORD ATTACKS OVER NETBIOS

Trust: 0.6

db:BUGTRAQid:19990209 ALERT: IIS4 ALLOWS PROXIED PASSWORD ATTACKS OVER NETBIOS

Trust: 0.6

db:CNNVDid:CNNVD-199902-018

Trust: 0.6

sources: BID: 2110 // JVNDB: JVNDB-1998-000001 // CNNVD: CNNVD-199902-018 // NVD: CVE-1999-0407

REFERENCES

url:http://marc.info/?l=bugtraq&m=91983486431506&w=2

Trust: 2.0

url:http://marc.info/?l=bugtraq&m=92000623021036&w=2

Trust: 2.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-1999-0407

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-1999-0407

Trust: 0.8

url:http://www.securityfocus.com/bid/2110

Trust: 0.8

url:http://marc.theaimsgroup.com/?l=bugtraq&m=92000623021036&w=2

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=91983486431506&w=2

Trust: 0.6

url:http://support.microsoft.com/support/kb/articles/q184/6/19.asp

Trust: 0.3

sources: BID: 2110 // JVNDB: JVNDB-1998-000001 // CNNVD: CNNVD-199902-018 // NVD: CVE-1999-0407

CREDITS

David Litchfield※ mnemonix@globalnet.co.uk

Trust: 0.6

sources: CNNVD: CNNVD-199902-018

SOURCES

db:BIDid:2110
db:JVNDBid:JVNDB-1998-000001
db:CNNVDid:CNNVD-199902-018
db:NVDid:CVE-1999-0407

LAST UPDATE DATE

2024-11-22T23:12:12.997000+00:00


SOURCES UPDATE DATE

db:BIDid:2110date:1998-02-09T00:00:00
db:JVNDBid:JVNDB-1998-000001date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-199902-018date:2005-05-02T00:00:00
db:NVDid:CVE-1999-0407date:2024-11-20T23:28:39.997

SOURCES RELEASE DATE

db:BIDid:2110date:1998-02-09T00:00:00
db:JVNDBid:JVNDB-1998-000001date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-199902-018date:1998-02-09T00:00:00
db:NVDid:CVE-1999-0407date:1999-02-09T05:00:00