Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the "Log on locally" privilege.
https://exchange.xforce.ibmcloud.com/vulnerabilities/8048
http://www.securityfocus.com/bid/3998
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3BQ248840
http://online.securityfocus.com/advisories/3843
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0033.html