PT-2005-3992 · Microsoft · Windows 2000
Published: 2005-10-06 · Updated: 2024-12-05
CVE-2005-3170
CVSS v3.1: 5.0 (Medium)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Microsoft Windows 2000 versions prior to Update Rollup 1 for SP4
Description
The LDAP client accepts certificates over LDAPS even when the Certificate Authority (CA) is not trusted. This could allow attackers to trick users into believing they are accessing a trusted site.
Recommendations
On Microsoft Windows 2000 versions prior to Update Rollup 1 for SP4, apply Update Rollup 1 for SP4 to resolve the issue. As a temporary workaround, consider restricting the use of LDAPS connections to trusted Certificate Authorities (CAs) until the update is applied.
Fix
Improper Certificate Validation
Weakness Enumeration
Related Identifiers
Affected Products
Windows 2000