CVE-1999-1246

Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges.

Published: Dec 31, 1999
Updated: Apr 13, 2023
CVE: CVE-1999-1246
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / site_server	3.0	3.0.x

http://support.microsoft.com/support/kb/articles/Q229/9/72.asp
https://exchange.xforce.ibmcloud.com/vulnerabilities/2068

Vulnerability Database

289,599

CVE-1999-1246