Data handling is a major responsibility for a web application. The data processed by the application might include sensitive information such as user details, credentials, product functionality and more. Many servers running Microsoft Site Server have major vulnerabilities through which an attacker with unprivileged, non-administrative server access can reach various administrative pages. These administrator pages contain sensitive information that, in the wrong hands, can completely compromise the application.

Microsoft Site Server 3.0 prior to Service Pack 4 installs a default user on the web server named LDAP_Anonymous with the password LdapPassword_1. A remote attacker can use these credentials to log into the server locally. Using these credentials, the attacker can perform any actions on the server without leaving any trail. The password for LDAP_Anonymous is hardcoded into \winnt\system32\pNmsrvs.dll and \winnt\system32\inetsrv\dscomobj.dll, so changing the password through the registry setting has no effect. After logout, the system automatically removes all traces of the LDAP_Anonymous account's use.
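
Because the password lives in the binaries rather than in configuration, an administrator can check copies of the two DLLs for the embedded strings. The following is an added example, not code from the original page or from Microsoft; the function names are hypothetical and the sample bytes are constructed for illustration, not taken from a real DLL.

```python
import sys
from pathlib import Path

# Account name and password exactly as given in the text above.
ACCOUNT = "LDAP_Anonymous"
PASSWORD = "LdapPassword_1"

def find_embedded(blob, needles=(ACCOUNT, PASSWORD)):
    """Return sorted (offset, encoding, needle) tuples for every occurrence.

    Windows binaries store strings as single-byte or UTF-16LE text,
    so both encodings are searched.
    """
    hits = []
    for needle in needles:
        for label, codec in (("ascii", "ascii"), ("utf-16le", "utf-16-le")):
            pattern = needle.encode(codec)
            pos = blob.find(pattern)
            while pos != -1:
                hits.append((pos, label, needle))
                pos = blob.find(pattern, pos + 1)
    return sorted(hits)

def audit_files(paths):
    """Map each path to its list of hits, or None if it cannot be read."""
    report = {}
    for p in paths:
        try:
            report[str(p)] = find_embedded(Path(p).read_bytes())
        except OSError:
            report[str(p)] = None
    return report

def constructed_sample():
    """Constructed bytes standing in for a DLL (not a real file)."""
    return (b"MZ\x90\x00" + b"\x00" * 12
            + PASSWORD.encode("utf-16-le") + b"\x00\x00pad"
            + ACCOUNT.encode("ascii") + b"\x00")

if __name__ == "__main__":
    # Usage: python check_dll.py <copy of pNmsrvs.dll> <copy of dscomobj.dll>
    for path, hits in audit_files(sys.argv[1:]).items():
        if hits is None:
            print(f"{path}: unreadable")
        elif not hits:
            print(f"{path}: no embedded default credential strings found")
        for offset, enc, needle in hits or []:
            print(f"{path}: {needle!r} ({enc}) at offset {offset:#x}")
```
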
The sensitive files that can be leaked using this vulnerability are:-
Using this vulnerability, an attacker can:-
Beagle recommends the following fixes:-