'[Full-disclosure] Microsoft Windows Active Directory Logon Hours'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-disclosure] Microsoft Windows Active Directory Logon Hours
From:       "Sumit Siddharth" <sid () notsosecure ! com>
Date:       2007-05-31 15:11:22
Message-ID: ea72dcc70705310811j24220ab3o4a1b6846b135f0a7 () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Windows Server 2003 can be configured
<http://support.microsoft.com/kb/816666> to restrict the hours and days that
a user may log on to a Windows Server 2003 domain. This could lead to
username enumeration.

*Issue*:- Microsoft Windows Active Directory Username Enumeration

*Criticality*:- Less Critical

*Impact*:- Exposure of system information

*Description*:- It has been identified that the Microsoft windows Active
Directory contains a flaw that may lead to an unauthorized information
disclosure. The issue is triggered when the Windows Domain Controller
returns different error messages depending on if a valid username was
supplied via windows terminal services. This only happens for the
user accounts that have time restrictions set and when these accounts
are accessed during restricted time. This can be exploited to help
enumerate valid usernames resulting in a loss of confidentiality.

*Vendors response*:-
"We will NOT be issuing a security update for this issue.
It is likely that in a next version or service pack of the product we may
consider making changes, but not before then".

*Screenshots:*
1. Error returned When Account is Accessed at Restricted
time<http://www.notsosecure.com/folder2/2007/05/27/logon-time-restrictions-in-a-domain-in-window \
s-server-2003-allows-username-enumeration/error-returned-when-account-is-accessed-at-restricted-time/>
 2. Error returned When Account is Accessed at Permitted
time<http://www.notsosecure.com/folder2/wp-content/uploads/2007/05/error-when-account-is-accessed-at-permitted-time.PNG>



Thanks

Sid
www.notsosecure.com


[Attachment #5 (text/html)]

<p><br></p><p>Windows Server 2003 can be <a \
href="http://support.microsoft.com/kb/816666">configured </a> to restrict the hours and days \
that a user may log on to a Windows Server 2003 domain. This could lead to username \
enumeration.</p> <p><strong>Issue</strong>:- Microsoft Windows Active Directory Username \
Enumeration</p> <p><strong>Criticality</strong>:- Less Critical</p>
<p><strong>Impact</strong>:- Exposure of system information</p>
<p><strong>Description</strong>:- It has been identified that the Microsoft windows Active<br>
Directory contains a flaw that may lead to an unauthorized information<br>
disclosure. The issue is triggered when the Windows Domain Controller<br>
returns different error messages depending on if a valid username was<br>
supplied via windows terminal services.  This only happens for the<br>
user accounts that have time restrictions set and when these accounts<br>
are accessed during restricted time. This can be exploited to help<br>
enumerate valid usernames resulting in a loss of confidentiality.</p>
<p><strong>Vendors response</strong>:-<br>
"We will NOT be issuing a security update for this issue.<br>
It is likely that in a next version or service pack of the product we may consider making \
changes, but not before then".</p> <p><strong>Screenshots:</strong><br>1. <a \
href="http://www.notsosecure.com/folder2/2007/05/27/logon-time-restrictions-in-a-domain-in-windo \
ws-server-2003-allows-username-enumeration/error-returned-when-account-is-accessed-at-restricted-time/" \
rel="attachment wp-att-87" title="Error returned When Account is Accessed at Restricted time"> \
Error returned When Account is Accessed at Restricted time</a><br> 2. <a \
href="http://www.notsosecure.com/folder2/wp-content/uploads/2007/05/error-when-account-is-accessed-at-permitted-time.PNG" \
title="Error returned When Account is Accessed at Permitted time">Error returned When Account \
is Accessed at Permitted time </a></p><br><p><br></p><p>Thanks</p><p>Sid<br><a \
href="http://www.notsosecure.com">www.notsosecure.com</a><br></p>



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic