PT-1999-1625 · Microsoft · Site Server
Published: 1999-12-31 · Updated: 2017-10-10 · CVE-1999-1246
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Microsoft Site Server version 3.0
Description
The issue concerns the Direct Mailer feature, which stores user domain names and passwords in plaintext within the TMLBQueue network share. This share has default permissions that are insecure, allowing remote attackers to read the passwords and potentially gain privileges.
Recommendations
For Microsoft Site Server version 3.0, consider restricting access to the TMLBQueue network share and replacing its default permissions with secure ones to minimize the risk of exploitation. Additionally, avoid using the Direct Mailer feature until a secure method of storing credentials is implemented.
Fix
Related Identifiers
Affected Products
Site Server