Vulnerability Name: | CCN-3863 |
Published: | 1999-12-08 |
Updated: | 1999-12-08 |
Summary: | When a Windows 2000/2003 domain is created during Active Directory setup, one of the options that must be provided is whether to weaken security so that down-level Windows NT 4.0 servers can act as RAS servers. If this option is chosen, Windows 2000/2003 adds the Everyone group to a new local group, "Pre-Windows 2000/2003 Compatible Access". This essentially allows a down-level RAS server to query Active Directory via a NULL session to check RAS properties such as availability of RAS access or dial-back for a user. By default, this grants any user read access to all objects under the domain naming context without any credentials, leaving the system greatly exposed to potential attacks. |
CVSS v3 Severity: | |
CVSS v2 Severity: | |
Vulnerability Consequences: | Configuration |
References: | Source: XF Type: UNKNOWN win2k-prewin2k-compatible-access(3863) |
Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable |