CNET News.com: Microsoft secret password could allow access to Web sites

“The password back door was included in software by one or more
Microsoft engineers, the company confirmed. Hackers knowing how to
exploit the vulnerability could access any site using FrontPage 98
extensions, Microsoft said. FrontPage, a Web authoring and site
management software package, requires that special software
code–or extensions–be present on the Web site for all features to
be available….”

“Although Microsoft is treating the problem “as a serious
security risk,” a spokeswoman downplayed its overall effect. “Very
few people are still using FrontPage 98,” she said. “Most people
are using FrontPage 2000.”

“But a quick survey of Web hosting services this morning found a
number of major companies–such as Concentric Networks and
UUNet–offering FrontPage 98 and FrontPage 2000 extensions.”

The password back door is potentially most devastating for
companies that host commercial and consumer Web sites. Hosting
providers typically apply FrontPage extensions individually to
hundreds of thousands of Web sites, meaning the problem could be
difficult to clean up.

Complete Story