|
Family: Windows : Microsoft Bulletins --> Category: infos
LDAP over SSL could allow passwords to be changed (Q299687) Vulnerability Scan
Vulnerability Scan Summary Acertains whether the hotfix Q287397 is installed
Detailed Explanation for this Vulnerability Test
Synopsis :
A bug in Windows 2000 may allow a possible hacker to change the password of a third
party user.
Description :
The remote version of Windows 2000 contains a bug in its LDAP implementation
which fails to validate the permissions of a user requesting to change the
password of a third party user.
A possible hacker may exploit this vulnerability to gain unauthorized access to the
remote host.
Solution :
http://www.microsoft.com/technet/security/bulletin/ms01-036.mspx
Threat Level:
Critical / CVSS Base Score : 10
(AV:R/AC:L/Au:NR/C:C/A:C/I:C/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|