CVE-1999-1246

CVSS 2.0 Score 7.5 of 10 (high)

Details

Published Dec 31, 1999
Updated: Oct 10, 2017

Summary

CVE-1999-1246 is a vulnerability affecting Microsoft Site Server 3.0. The Direct Mailer feature saves user domain names and passwords in plaintext on a TMLBQueue network share. This share has insecure default permissions, enabling remote attackers to access the passwords and thereby gain privileged access. This issue poses a significant risk to network security, as it allows unauthorized individuals to bypass authentication mechanisms and potentially take control of systems. Users are strongly advised to secure their TMLBQueue shares and change any default passwords to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share