Microsoft IIS Operational Log Password Information Disclosure Vulnerability
The information has been provided by Justin Royce.
* Microsoft Windows Vista Service Pack 2 0 and prior
Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka ‘Password Disclosure Vulnerability.’
Published: November 13 2012