CVE-2008-5112

Microsoft Windows 2000 SP4 and Server 2003 SP1/SP2 - User Enumeration via LDAP Bind Requests

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5112. PoCs published by Bernardo Damele.

AI-analyzed exploit summary This exploit leverages a username-enumeration weakness in Microsoft Active Directory via LDAP by analyzing error codes returned during failed authentication attempts. It distinguishes between valid and invalid usernames based on specific LDAP error responses.

Description

The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Bernardo Damele · pythonremotewindows

https://www.exploit-db.com/exploits/32586

View Code ZIP pw:eip

This exploit leverages a username-enumeration weakness in Microsoft Active Directory via LDAP by analyzing error codes returned during failed authentication attempts. It distinguishes between valid and invalid usernames based on specific LDAP error responses.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Active Directory on Windows 2000 SP4, Windows Server 2003 SP1/SP2

No auth needed

Prerequisites: Network access to the target LDAP server (port 389) · A list of potential usernames in a text file (users.txt) · Python with python-ldap library installed

MITRE ATT&CK

T1589 - Gather Victim Identity Information T1087 - Account Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →