https://www.exploit-db.com/exploits/19192
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199902-024

BackOffice服务器的安装程序存在漏洞。安装程序中未被删除的安装文件(reboot.ini)包含账户名和密码。

source: http://www.securityfocus.com/bid/228/info

During installation of BackOffice 4.0, a file called reboot.ini is created and stored in the Program FilesMicrosoft BackOffice directory. This file contains clear-text usernames and passwords for several services that may be created during installation. These services include: SQL Executive Logon, Exchange Services, and MTS Remote Administration (and potentially others). The File ACLs for this file are set to Everyone:Full Control. 

Clear-text usernames and passwords are stored in the Program FilesMicrosoft BackOfficeReboot.ini file.

来源:MSKB
名称:Q217004
链接:http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;Q217004
来源:MS
名称:MS99-005
链接:http://www.microsoft.com/technet/security/bulletin/ms99-005.mspx