BackOffice服务器安装程序密码泄露漏洞

BackOffice服务器安装程序密码泄露漏洞

漏洞ID 1105413 漏洞类型 信息泄露
发布时间 1999-02-09 更新时间 2005-05-02
图片[1]-BackOffice服务器安装程序密码泄露漏洞-安全小百科CVE编号 CVE-1999-0372
图片[2]-BackOffice服务器安装程序密码泄露漏洞-安全小百科CNNVD-ID CNNVD-199902-024
漏洞平台 Windows CVSS评分 2.1
|漏洞来源
https://www.exploit-db.com/exploits/19192
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199902-024
|漏洞详情
BackOffice服务器的安装程序存在漏洞。安装程序中未被删除的安装文件(reboot.ini)包含账户名和密码。
|漏洞EXP
source: http://www.securityfocus.com/bid/228/info

During installation of BackOffice 4.0, a file called reboot.ini is created and stored in the Program FilesMicrosoft BackOffice directory. This file contains clear-text usernames and passwords for several services that may be created during installation. These services include: SQL Executive Logon, Exchange Services, and MTS Remote Administration (and potentially others). The File ACLs for this file are set to Everyone:Full Control. 

Clear-text usernames and passwords are stored in the Program FilesMicrosoft BackOfficeReboot.ini file.
|参考资料

来源:MSKB
名称:Q217004
链接:http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;Q217004
来源:MS
名称:MS99-005
链接:http://www.microsoft.com/technet/security/bulletin/ms99-005.mspx

相关推荐: Sux Services SQL Injection Vulnerability

Sux Services SQL Injection Vulnerability 漏洞ID 1100771 漏洞类型 Input Validation Error 发布时间 2003-02-28 更新时间 2003-02-28 CVE编号 N/A CNNVD-…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享