CVE-2007-2999

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Server 2003

Description: The issue allows context-dependent attackers to determine valid Active Directory account names by generating different error messages for failed login attempts with a valid user name than for those with an invalid user name when time restrictions are in effect for user accounts.

Recommendations: For Microsoft Windows Server 2003, consider implementing additional authentication logging and monitoring to detect and respond to potential attacks, and restrict access to the system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.