Test ID:	10371
Category:	CGI abuses
Title:	/iisadmpwd/aexp2.htr
Summary:	NOSUMMARY
Description:	Description: The file /iisadmpwd/aexp2.htr is present. (or, aexp2b.htr, aexp3.htr, or aexp4.htr, search for aexp*.htr) An attacker may use it in a brute force attack to gain valid username/password. A valid user may also use it to change his password on a locked account. Solution : Delete the file Risk factor : High
Cross-Ref:	BugTraq ID: 2110 BugTraq ID: 4236 Common Vulnerability Exposure (CVE) ID: CVE-1999-0407 Bugtraq: 19990209 ALERT: IIS4 allows proxied password attacks over NetBIOS (Google Search) http://marc.info/?l=bugtraq&m=91983486431506&w=2 Bugtraq: 19990209 Re: IIS4 allows proxied password attacks over NetBIOS (Google Search) http://marc.info/?l=bugtraq&m=92000623021036&w=2 XForce ISS Database: iis-iisadmpwd Common Vulnerability Exposure (CVE) ID: CVE-2002-0421 http://www.securityfocus.com/bid/4236 Bugtraq: 20020306 NT user (who is locked changing his/her password by administrator ) can bypass the security policy and Change the password. (Google Search) http://online.securityfocus.com/archive/1/259963 http://www.iss.net/security_center/static/8388.php
Copyright	This script is Copyright (C) 2000 Renaud Deraison

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.