CVE-2005-3170

The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.

Published: Oct 6, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-3170
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P

CWEs:

CWE-295

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
microsoft / windows_2000	-	-

http://support.microsoft.com/kb/883639
http://support.microsoft.com/kb/900345

Vulnerability Database

290,301

CVE-2005-3170