ID CVE-2005-1982
Summary Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:-:advanced_server
    cpe:2.3:o:microsoft:windows_2000:-:advanced_server
  • cpe:2.3:o:microsoft:windows_2000:-:datacenter_server
    cpe:2.3:o:microsoft:windows_2000:-:datacenter_server
  • cpe:2.3:o:microsoft:windows_2000:-:professional
    cpe:2.3:o:microsoft:windows_2000:-:professional
  • cpe:2.3:o:microsoft:windows_2000:-:server
    cpe:2.3:o:microsoft:windows_2000:-:server
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise:-:64-bit
    cpe:2.3:o:microsoft:windows_2003_server:enterprise:-:64-bit
  • cpe:2.3:o:microsoft:windows_2003_server:r2:-:64-bit
    cpe:2.3:o:microsoft:windows_2003_server:r2:-:64-bit
  • cpe:2.3:o:microsoft:windows_2003_server:standard:-:64-bit
    cpe:2.3:o:microsoft:windows_2003_server:standard:-:64-bit
  • cpe:2.3:o:microsoft:windows_2003_server:web
    cpe:2.3:o:microsoft:windows_2003_server:web
  • Microsoft Windows XP Professional Gold
    cpe:2.3:o:microsoft:windows_xp:-:gold:professional
CVSS
Base: 3.6 (as of 10-08-2005 - 07:45)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS05-042.NASL
description The remote host contains a version of the Kerberos protocol that contains multiple security flaws that could allow an attacker to crash the remote service (AD), disclose information or spoof a session. An attacker would need valid credentials to exploit these flaws.
last seen 2019-02-21
modified 2018-11-15
plugin id 19405
published 2005-08-09
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=19405
title MS05-042: Vulnerability in Kerberos Could Allow Denial of Service, Information Disclosure and Spoofing (899587)
oval via4
  • accepted 2011-05-16T04:00:05.891-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Anna Min
      organization BigFix, Inc
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
    family windows
    id oval:org.mitre.oval:def:100096
    status accepted
    submitted 2005-08-16T12:00:00.000-04:00
    title Windows 2000 PKINIT Information Disclosure Vulnerability
    version 68
  • accepted 2011-05-16T04:00:06.577-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
    family windows
    id oval:org.mitre.oval:def:100098
    status accepted
    submitted 2005-08-16T12:00:00.000-04:00
    title Windows XP,SP1 (32-bit) PKINIT Information Disclosure Vulnerability
    version 67
  • accepted 2011-05-16T04:00:07.278-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
    family windows
    id oval:org.mitre.oval:def:100100
    status accepted
    submitted 2005-08-16T12:00:00.000-04:00
    title Windows XP,SP2 PKINIT Information Disclosure Vulnerability
    version 68
  • accepted 2011-05-16T04:00:07.890-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
    family windows
    id oval:org.mitre.oval:def:100102
    status accepted
    submitted 2005-08-16T12:00:00.000-04:00
    title Windows XP,SP1 (64-bit) PKINIT Information Disclosure Vulnerability
    version 67
  • accepted 2011-05-16T04:00:08.574-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
    family windows
    id oval:org.mitre.oval:def:100104
    status accepted
    submitted 2005-08-16T12:00:00.000-04:00
    title Server 2003 PKINIT Information Disclosure Vulnerability
    version 68
  • accepted 2011-05-16T04:00:09.183-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
    family windows
    id oval:org.mitre.oval:def:100106
    status accepted
    submitted 2005-08-16T12:00:00.000-04:00
    title Server 2003,SP1 PKINIT Information Disclosure Vulnerability
    version 67
refmap via4
bid 14520
cert-vn VU#477341
ms MS05-042
sectrack 1014642
secunia 16368
Last major update 10-09-2008 - 15:40
Published 10-08-2005 - 00:00
Last modified 12-10-2018 - 17:36
Back to Top