PT-2006-7219 · Microsoft · Project Server 2003

Brett Moore

Published

2006-12-18

Updated

2018-10-17

CVE-2006-6617

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Microsoft Project Server 2003

Description The issue concerns a problem in the projectserver/logon/pdsrequest.asp file of Microsoft Project Server 2003. It allows remote authenticated users to obtain the MSProjectUser password for a SQL database. This is achieved via a GetInitializationData request. The response to this request includes the information in the UserName and Password tags.

Recommendations For Microsoft Project Server 2003, consider restricting access to the projectserver/logon/pdsrequest.asp file to minimize the risk of exploitation. As a temporary workaround, limit the use of the GetInitializationData request until a more permanent solution is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-6617

Affected Products

Project Server 2003

PT-2006-7219 · Microsoft · Project Server 2003

CVE-2006-6617

Related Identifiers

Affected Products

References · 9