Lucene search

[email protected]CVE-2005-1982

HistoryAug 10, 2005 - 4:00 a.m.

CVE-2005-1982

2005-08-1004:00:00

[email protected]

web.nvd.nist.gov

microsoft

windows

pkinit

protocol

vulnerability

local user

information security

mitm attack

smart card authentication

nvd

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.2%

JSON

Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.

Affected configurations

NVD

Node

microsoftwindows_2000

microsoftwindows_2003_serverMatchenterprise64-bit

microsoftwindows_2003_serverMatchr264-bit

microsoftwindows_2003_serverMatchstandard64-bit

microsoftwindows_2003_serverMatchweb

microsoftwindows_xpgoldprofessional

CPENameOperatorVersion
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_2003_servermicrosoft windows 2003 servereqenterprise
microsoft:windows_2003_servermicrosoft windows 2003 servereqr2
microsoft:windows_2003_servermicrosoft windows 2003 servereqstandard
microsoft:windows_2003_servermicrosoft windows 2003 servereqweb
microsoft:windows_xpmicrosoft windows xpeq*

CPE	Name	Operator	Version
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_2003_server	microsoft windows 2003 server	eq	enterprise
microsoft:windows_2003_server	microsoft windows 2003 server	eq	r2
microsoft:windows_2003_server	microsoft windows 2003 server	eq	standard
microsoft:windows_2003_server	microsoft windows 2003 server	eq	web
microsoft:windows_xp	microsoft windows xp	eq	*

References

secunia.com/advisories/16368/

securitytracker.com/id?1014642

www.kb.cert.org/vuls/id/477341

www.securityfocus.com/bid/14520

docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-042

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100096

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100098

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100100

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100102

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100104

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100106

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.2%

JSON

Related for CVE-2005-1982

cvelist1 cert1 nvd1 nessus1 securityvulns1