[原文]The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
Microsoft Exchange Server EUSR_EXSTOREEVENT Default Account
Remote / Network Access,
Local / Remote
Loss of Integrity
By default, Exchange creates a user account with a default password. The EUSR_EXSTOREEVENT account has a password of xyxx1x#y which is publicly known and documented. This allows attackers to trivially access the program or system.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Delete the EUSR_EXSTOREEVENT user account.