Microsoft KB Archive/248840
Article ID: 248840
Article Last Modified on 9/23/2005
- Microsoft Site Server 3.0 Standard Edition
This article was previously published under Q248840
The LDAP_ANONYMOUS user account password is exposed in the registry in plain text. Anyone who has installed Site Server would have knowledge of the username and password (that is, password is always the same).
This password is hard coded in the software. Maintaining the password through the registry setting has no effect.
Registry settings are located at:
To resolve this problem, obtain the latest service pack for Site Server version 3.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
219292 How to Obtain the Latest Site Server 3.0 Service Pack
Microsoft has confirmed that this is a problem in Site Server 3.0. This problem was first corrected in Site Server 3.0 Service Pack 4.
This implementation generates a random password for the LDAP_ANONYMOUS account every time the ldapsvc is started. The Registry setting mentioned in the "Cause" section is no longer used.
Keywords: kbbug kbfix kbqfe kbsiteserv300sp4fix kbhotfixserver KB248840