Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2008-5112
HistoryNov 17, 2008 - 11:30 p.m.

CVE-2008-5112

2008-11-1723:30:00
CWE-200
[email protected]
web.nvd.nist.gov
25
ldap
active directory
microsoft
windows
cve-2008-5112
server 2003
nvd
security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.091 Low

EPSS

Percentile

94.7%

JSON

The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.

Affected configurations

NVD
Node
microsoftwindowsMatchserver_2003sp1
OR
microsoftwindowsMatchserver_2003sp2
OR
microsoftwindows_2000Match-sp4

Related

nvd 1
prion 1
cvelist 1
nvd
nvd
CVE-2008-5112
2008-11-17 23:30:00
prion
prion
Design/Logic Flaw
2008-11-17 23:30:00
cvelist
cvelist
CVE-2008-5112
2008-11-17 23:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.091 Low

EPSS

Percentile

94.7%

JSON
Related for CVE-2008-5112
nvd1prion1cvelist1