← volver
CVE-2008-5112

CVE-2008-5112

EPSS 20.0%
The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
Productos afectados
n/a · n/a
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/32586no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://labs.portcullis.co.uk/application/ldapuserenum/https://exchange.xforce.ibmcloud.com/vulnerabilities/46628http://www.portcullis-security.com/294.phphttp://www.securityfocus.com/bid/32305