Unrated severityNVD Advisory· Published Nov 17, 2008· Updated Jun 16, 2026
CVE-2008-5112
CVE-2008-5112
Description
The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
- Range: Windows 2000 SP4, Server 2003 SP1 and SP2
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.