Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
Information Disclosure
Microsoft
NVD
CVSS 2.0
2.1
EPSS
0.2%