Lucene search

[email protected]CVE-1999-0391

HistorySep 29, 1999 - 4:00 a.m.

CVE-1999-0391

1999-09-2904:00:00

[email protected]

web.nvd.nist.gov

windows 95

windows 98

smb authentication

cryptographic challenge

replay attack

user impersonation

cve-1999-0391

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.1%

JSON

The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.

Affected configurations

NVD

Node

microsoftterminal_server

Node

microsoftwindows_2000

microsoftwindows_ntMatch3.5.1sp1

microsoftwindows_ntMatch3.5.1sp2

microsoftwindows_ntMatch3.5.1sp3

microsoftwindows_ntMatch3.5.1sp4

microsoftwindows_ntMatch3.5.1sp5

microsoftwindows_ntMatch4.0

microsoftwindows_ntMatch4.0sp1

microsoftwindows_ntMatch4.0sp2

microsoftwindows_ntMatch4.0sp3

microsoftwindows_ntMatch4.0sp4

microsoftwindows_ntMatch4.0sp5

CPENameOperatorVersion
microsoft:terminal_servermicrosoft terminal servereq*

CPE	Name	Operator	Version
microsoft:terminal_server	microsoft terminal server	eq	*

References

marc.info/?l=bugtraq&m=91552769809542&w=2

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.1%

JSON

Related for CVE-1999-0391

nvd1 cvelist1