Lucene search

[email protected]CVE-2005-3173

HistoryOct 03, 2022 - 4:22 p.m.

CVE-2005-3173

2022-10-0316:22:40

[email protected]

web.nvd.nist.gov

microsoft

windows

2000

group policy

vulnerability

bypass

upn

credentials

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

19.5%

JSON

Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.

Affected configurations

NVD

Node

microsoftwindows_2000sp4fr

CPENameOperatorVersion
microsoft:windows_2000microsoft windows 2000eq*

CPE	Name	Operator	Version
microsoft:windows_2000	microsoft windows 2000	eq	*

References

support.microsoft.com/kb/821102

support.microsoft.com/kb/900345

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

19.5%

JSON

Related for CVE-2005-3173

nvd1 cvelist1