← CVECheck
HomeVulnerabilities

CVE-1999-1246 — HIGH severity vulnerability (Direct Mailer feature in Microsoft Site Server 3.0 saves use)

Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges.

CVE IDCVE-1999-1246
SeverityHIGH
CVSS score7.5
CVSS vectorAV:N/AC:L/Au:N/C:P/I:P/A:P
CWENVD-CWE-Other
StatusModified
Published1999-12-31
Last modified2026-04-16
DescriptionDirect Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →