CVE-2007-2999

3 documents3 sources
Severity
1.8LOW
EPSS
1.3%
top 20.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Windows 2003 Server
Timeline
PublishedJun 4
Latest updateMay 1

Description

Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.

CVSS vector

AV:A/AC:H/C:P/I:N/A:NExploitability: 3.2 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/windows_2003_servergold, sp1, sp2+2

🔴Vulnerability Details

2
GHSA
GHSA-cfwh-jh9q-xhc3: Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts wi2022-05-01
CVEList
CVE-2007-2999: Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts wi2007-06-04
CVE-2007-2999 (LOW CVSS 1.8) | Microsoft Windows Server 2003 | cvebase.io