CVE-1999-0391

Last update: Apr 13, 2023

Description

The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.

Affected Software
References

Software	From	Fixed in
microsoft / windows_nt	3.5.1-sp1	3.5.1-sp1.x
microsoft / windows_nt	3.5.1-sp2	3.5.1-sp2.x
microsoft / windows_nt	3.5.1-sp3	3.5.1-sp3.x
microsoft / windows_nt	3.5.1-sp4	3.5.1-sp4.x
microsoft / windows_nt	3.5.1-sp5	3.5.1-sp5.x
microsoft / windows_nt	4.0	4.0.x
microsoft / windows_nt	4.0-sp1	4.0-sp1.x
microsoft / windows_nt	4.0-sp2	4.0-sp2.x
microsoft / windows_nt	4.0-sp3	4.0-sp3.x
microsoft / windows_nt	4.0-sp4	4.0-sp4.x
microsoft / windows_nt	4.0-sp5	4.0-sp5.x
microsoft / windows_2000	-	-
microsoft / terminal_server	-	-

https://marc.info/?l=bugtraq&m=91552769809542&w=2

Severity: High

CVE: CVE-1999-0391
Published: Jan 5, 1999
Updated: Apr 13, 2023
Exploit:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P