The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.
References
Link | Resource |
---|---|
http://support.microsoft.com/kb/883639 | Broken Link Patch Vendor Advisory |
http://support.microsoft.com/kb/900345 | Broken Link Patch Vendor Advisory |
http://support.microsoft.com/kb/883639 | Broken Link Patch Vendor Advisory |
http://support.microsoft.com/kb/900345 | Broken Link Patch Vendor Advisory |
Configurations
History
05 Dec 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.1
v3 : 5.0 |
21 Nov 2024, 00:01
Type | Values Removed | Values Added |
---|---|---|
References | () http://support.microsoft.com/kb/883639 - Broken Link, Patch, Vendor Advisory | |
References | () http://support.microsoft.com/kb/900345 - Broken Link, Patch, Vendor Advisory |
13 Feb 2024, 17:43
Type | Values Removed | Values Added |
---|---|---|
References | () http://support.microsoft.com/kb/883639 - Broken Link, Patch, Vendor Advisory | |
References | () http://support.microsoft.com/kb/900345 - Broken Link, Patch, Vendor Advisory | |
CWE | CWE-295 |
Information
Published : 2005-10-06 10:02
Updated : 2024-12-05 21:15
NVD link : CVE-2005-3170
Mitre link : CVE-2005-3170
CVE.ORG link : CVE-2005-3170
JSON object : View
Products Affected
microsoft
- windows_2000
CWE
CWE-295
Improper Certificate Validation