Back to search
CVE-2008-5112
Published: Nov 17, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
activedirectory-username-info-disclosure(46628)
vdb-entry
x_refsource_XF
32305
vdb-entry
x_refsource_BID
http://labs.portcullis.co.uk/application/ldapuserenum/
x_refsource_MISC
http://www.portcullis-security.com/294.php
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now