CVE-2002-0054

SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:5.5:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:5.5:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:5.5:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:5.5:sp4:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:-:sp2:*:*:*:*:*:*

History

No history.

Information

Published : 2002-03-08 05:00

Updated : 2024-02-04 16:31


NVD link : CVE-2002-0054

Mitre link : CVE-2002-0054

CVE.ORG link : CVE-2002-0054


JSON object : View

Products Affected

microsoft

  • exchange_server
  • windows_2000
CWE
CWE-294

Authentication Bypass by Capture-replay