OSVDB ID: 714

Title: Microsoft Windows NT LsaQueryInformationPolicy() Function SID User Account Disclosure

Dates

Disclosure: Apr 28, 1998
Discovery: Unknown
Exploit: Apr 28, 1998
Solution: Unknown

Description

Windows contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when documented Windows API calls (such as the LsaQueryInformationPolicy() function) are used to query the system and disclose the SID. Used in conjunction with other functions, this allows a remote attacker to enumerate account information, resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Public

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Microsoft Corporation

Windows

NT 4.0

References

Credit

  • Evgenii Rudnyi - rudnyimch1.chem.msu.su - Moscow State University


Direct URL: http://osvdb.org/714