Logon Time Restrictions in a Domain in Windows Server 2003 allows Username Enumeration.

May 27, 2007

Windows Server 2003 can be configured to restrict the hours and days that a user may log on to a Windows Server 2003 domain. This could lead to username enumeration.

Issue:- Microsoft Windows Active Directory Username Enumeration

Criticality:- Less Critical

Impact:- Exposure of system information

Description:- It has been identified that the Microsoft windows Active
Directory contains a flaw that may lead to an unauthorized information
disclosure. The issue is triggered when the Windows Domain Controller
returns different error messages depending on if a valid username was
supplied via windows terminal services. This only happens for the
user accounts that have time restrictions set and when these accounts
are accessed during restricted time. This can be exploited to help
enumerate valid usernames resulting in a loss of confidentiality.

Vendors response:-
“We will NOT be issuing a security update for this issue.
It is likely that in a next version or service pack of the product we may consider making changes, but not before then”.

Screenshots:
1. Error returned When Account is Accessed at Restricted time
2. Error returned When Account is Accessed at Permitted time

——————————————
Advert: Download expert 000-101 questions, 000-102 study guide and 000-200 practice test to ensure your success in exams.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Trackback