[6667] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Anonymous Connections May Be Able to Obtain the Password Policy

daemon@ATHENA.MIT.EDU (David LeBlanc)
Tue May 5 10:45:11 1998

Date: 	Tue, 5 May 1998 09:01:50 -0400
Reply-To: David LeBlanc <dleblanc@MINDSPRING.COM>
From: David LeBlanc <dleblanc@MINDSPRING.COM>
X-To:         ntsecurity@iss.net
To: BUGTRAQ@NETSPACE.ORG

Microsoft has released the following KB article detailing something I found
a few months ago.  This problem is fixed in the lsa2-fix -
RestrictAnonymous must be set as well.

Anonymous Connections May Be Able to Obtain the Password Policy
Last reviewed: April 29, 1998
Article ID: Q129457

Further details can be had at:
http://support.microsoft.com/support/kb/articles/q129/4/57.asp

For those of you who use the ISS Scanner 5.0 running on NT, this is why we
always check your password policies, no matter how tightly your machine is
locked down.

It is always nice to see a vendor fix something without having to beat them
up publicly over it.

David LeBlanc
dleblanc@mindspring.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[6667] in bugtraq

Anonymous Connections May Be Able to Obtain the Password Policy

daemon@ATHENA.MIT.EDU (David LeBlanc)Tue May 5 10:45:11 1998

daemon@ATHENA.MIT.EDU (David LeBlanc)
Tue May 5 10:45:11 1998