Microsoft and Novell are at war over the nature of Active Directory security, a central feature of Windows 2000.
In the run-up to Windows 2000 launch last week, Novell put out a statement claiming that it had discovered a serious security flaws. If correct, it would allow systems administrators to access critical corporate data, such as payroll, which they would normally be denied access to.
However, Microsoft said Novell had misunderstood how Active Directory works.
Novell detailed the Active Directory security flaw on its Web site earlier last week. It said that the blocks put in place to prevent network administrators from accessing sensitive corporate data, such as financial or legal information, could be removed by the administrators if they accessed a different area of the network.
Despite Microsoft's denial, Novell is holding to its position, and said the security problem had manifested itself in several configurations of Windows 2000 running Build 2195. Novell said that NDS does not have the same flaw and restricts access between directories.
Microsoft denied that there is a problem with Active Directory and said Novell's tests were faulty and that it had reached the wrong conclusion. Microsoft said Novell engineers did not make the required security settings.
The software giant said it had used the same security model in Microsoft products since Windows NT 3.1 and that the model was widely understood in the user community. It also criticised Novell for going public before consulting Microsoft.
Analysts could not confirm or deny the existence of the flaw and said users should do their own tests on it in their network environments.
Microsoft has released its Windows 2000 family of operating systems, calling it the most important product it has ever launched, capping a four-year development process and more than $1bn in development costs.
More Windows 2000 news
More e-commerce news