Vigil@nce: Windows AD, user detection via LDAP
November 2008 by Vigil@nce
An attacker can connect to the LDAP server and determine whether user names are valid.
Consequences: data reading
Provenance: intranet client
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: multiple sources (3/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 18/11/2008
Microsoft Windows 2000
Microsoft Windows 2003
Windows Active Directory exposes an LDAP server.
When an authentication error occurs on this LDAP server, the error
message returned depends on the state of the user account:
525 : user does not exist
52e : password is incorrect
532 : password has expired
An attacker can therefore test a list of user names one after another and, from the error code returned for each, determine which ones exist in the domain.
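Because the sub-code that reveals this is also visible to the defender, the probing can be spotted in bind-failure logs. The following Python detector is an added example, not part of the Vigil@nce advisory: it extracts the "data NNN" sub-code from each failed bind, maps it to the three meanings listed above, and flags any client that collects "user does not exist" replies for several distinct names. The log line layout, the addresses and the diagnostic-message layout are constructed assumptions.

```python
import re
from collections import defaultdict

# Bind-failure sub-codes and their meaning, as listed in the advisory.
SUBCODES = {
    "525": "user does not exist",
    "52e": "password is incorrect",
    "532": "password has expired",
}

# The sub-code appears as "data NNN" in the diagnostic message attached to a
# failed bind (layout assumed, e.g. "... error, data 525").
DATA_RE = re.compile(r"\bdata ([0-9a-f]{3})\b")


def classify(message):
    """Meaning of the sub-code in a bind error message: one of the advisory's
    three strings, 'other' for an unlisted code, None if no code is present."""
    match = DATA_RE.search(message)
    if not match:
        return None
    return SUBCODES.get(match.group(1), "other")


def find_enumeration(log_lines, threshold=3):
    """Flag sources that received 'user does not exist' for at least
    `threshold` distinct names: a typo hits one name, a guessing client many."""
    names_by_src = defaultdict(set)
    for line in log_lines:
        # Constructed log layout: "<src-ip> bind <user name> <diagnostic message>"
        src, _, user, message = line.split(" ", 3)
        if classify(message) == "user does not exist":
            names_by_src[src].add(user)
    return {src: sorted(names)
            for src, names in names_by_src.items() if len(names) >= threshold}


# Constructed sample log: 10.0.0.9 probes three unknown names; the other
# failures (wrong or expired password) are ordinary and must not be flagged.
SAMPLE_LOG = [
    "10.0.0.5 bind alice AcceptSecurityContext error, data 52e",
    "10.0.0.9 bind zz01 AcceptSecurityContext error, data 525",
    "10.0.0.9 bind zz02 AcceptSecurityContext error, data 525",
    "10.0.0.9 bind bob AcceptSecurityContext error, data 52e",
    "10.0.0.9 bind zz03 AcceptSecurityContext error, data 525",
    "10.0.0.7 bind carol AcceptSecurityContext error, data 532",
]

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))  # {'10.0.0.9': ['zz01', 'zz02', 'zz03']}
```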
Identifiers: BID-32305, VIGILANCE-VUL-8256