Vulnerabilities > CVE-2007-2999 - Unspecified vulnerability in Microsoft Windows 2003 Server Gold/Sp1/Sp2
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 3 |
References
- http://osvdb.org/36138
- http://osvdb.org/36138
- http://secunia.com/advisories/25457
- http://secunia.com/advisories/25457
- http://www.notsosecure.com/folder2/2007/05/27/logon-time-restrictions-in-a-domain-in-windows-server-2003-allows-username-enumeration/
- http://www.notsosecure.com/folder2/2007/05/27/logon-time-restrictions-in-a-domain-in-windows-server-2003-allows-username-enumeration/
- http://www.securityfocus.com/bid/24248
- http://www.securityfocus.com/bid/24248