Microsoft Exchange Server has a known username and password
| ms-exchange-username-pwd (5537) |  Medium Risk |
Description:
Early hasa known default username and password. A remote attacker can use this account to login to an Exchange Server with local user rights. If Exchange is installed on a domain controller, a remote attacker may be able to gain domain user privileges and access to other resources in the domain.
Consequences:
Remedy:
Apply the patch for this vulnerability, as listed in Microsoft Security Bulletin MS00-088. See References.
As a workaround, delete the EUSER - EXSTOREEVENT user account manually.
References:
- Microsoft Security Bulletin MS00-088: Patch Available for "Exchange User Account" Vulnerability.
- BID-1958: Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
- CVE-2000-1139: The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the Exchange User Account vulnerability.
Platforms Affected:
- Compaq Microcom 6000
- Microsoft Exchange Server
Reported:
Nov 16, 2000
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net