CVE: CVE-2005-3170

Export to Word

The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00892
Percentile: 0.7458

CVSS Scoring

CVSS v3.1 Score: 5.0

Severity: MEDIUM

Mapped CWE(s)

CWE-295 : Improper Certificate Validation

All CAPEC(s)

CAPEC-459: Creating a Rogue Certification Authority Certificate
CAPEC-475: Signature Spoofing by Improper Validation

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*

← Back to Home