Windows 2000 LDAP over SSL Password Change Vulnerability

A vulnerability exists involving a Lightweight Directory Access Protocol (LDAP) function that is available only if the LDAP server has been configured to support LDAP over Secure Socket Layer (SSL) sessions.

Ken Pfeil

June 26, 2001

2 Min Read
ITPro Today logo in a gray background | ITPro Today

Reported June 25, 2001, by RussCooper and Jon McDonald.

VERSIONS AFFECTED

 

  • LDAP over SLL Password Change Vulnerability in Windows 2000 Server, Windows Advanced Server, and Windows Datacenter Server

 

DESCRIPTION
Avulnerability exists involving a Lightweight Directory Access Protocol (LDAP)function that is available only if the LDAP server has been configured tosupport LDAP over Secure Socket Layer (SSL) sessions. The purpose of thisfunction is to let users change the data attributes of directory principals. Bydesign, the function should check the user's authorizations before completingthe request. However, the function contains an error that manifests itself onlywhen the directory principal is a domain user and the data attribute is thedomain password. In this case, the function fails to check the requester'spermissions, resulting in the possibility that a malicious user can change anyother user’s domain logon password.

By design, any user who can connect to the LDAPserver can also call the function affected, including users who connect throughanonymous sessions. As a result, any user who can establish a connection with anaffected server can exploit the vulnerability.

 

 

VENDOR RESPONSE

Thevendor, Microsofthas released security bulletin MS01-036for this vulnerability, and the company recommends that Win2K Server andWin2K AS users immediately apply the patchmentioned in the bulletin. Patches for Win2K Datacenter are hardwarespecific, and are available only through the original equipment manufacturer.

 

CREDIT
Discovered by JonMcDonald and Russ Cooper.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like