Bugtraq mailing list archives
Anonymous Connections May Be Able to Obtain the Password Policy
From: dleblanc () MINDSPRING COM (David LeBlanc)
Date: Tue, 5 May 1998 09:01:50 -0400
Microsoft has released the following KB article detailing something I found a few months ago. This problem is fixed in the lsa2-fix - RestrictAnonymous must be set as well. Anonymous Connections May Be Able to Obtain the Password Policy Last reviewed: April 29, 1998 Article ID: Q129457 Further details can be had at: http://support.microsoft.com/support/kb/articles/q129/4/57.asp For those of you who use the ISS Scanner 5.0 running on NT, this is why we always check your password policies, no matter how tightly your machine is locked down. It is always nice to see a vendor fix something without having to beat them up publicly over it. David LeBlanc dleblanc () mindspring com
Current thread:
- Anonymous Connections May Be Able to Obtain the Password Policy David LeBlanc (May 05)