Microsoft IIS Operational Log Password Information Disclosure Vulnerability

Summary

Microsoft IIS is prone to an information-disclosure vulnerability.

Credit:

The information has been provided by Justin Royce.


Details

Vulnerable Systems:
 * Microsoft Windows Vista Service Pack 2 0 and prior

Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka ‘Password Disclosure Vulnerability.’

CVE Information:
CVE-2012-2531

Disclosure Timeline:
Published: November 13 2012

Categories: Windows