CVE-2005-3170

The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.
References
Link Resource
http://support.microsoft.com/kb/883639 Broken Link Patch Vendor Advisory
http://support.microsoft.com/kb/900345 Broken Link Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*

History

13 Feb 2024, 17:43

Type Values Removed Values Added
References (MSKB) http://support.microsoft.com/kb/900345 - Patch, Vendor Advisory (MSKB) http://support.microsoft.com/kb/900345 - Broken Link, Patch, Vendor Advisory
References (MSKB) http://support.microsoft.com/kb/883639 - Patch, Vendor Advisory (MSKB) http://support.microsoft.com/kb/883639 - Broken Link, Patch, Vendor Advisory
CWE NVD-CWE-Other CWE-295

Information

Published : 2005-10-06 10:02

Updated : 2024-02-28 10:42


NVD link : CVE-2005-3170

Mitre link : CVE-2005-3170

CVE.ORG link : CVE-2005-3170


JSON object : View

Products Affected

microsoft

  • windows_2000
CWE
CWE-295

Improper Certificate Validation