Executive Summary

Informations
Name CVE-2005-1982 First vendor Publication 2005-08-10
Vendor Cve Last vendor Modification 2024-11-20

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:N)
Cvss Base Score 3.6 Attack Range Local
Cvss Impact Score 4.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1982

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:100096
 
Oval ID: oval:org.mitre.oval:def:100096
Title: Windows 2000 PKINIT Information Disclosure Vulnerability
Description: Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
Family: windows Class: vulnerability
Reference(s): CVE-2005-1982
Version: 6
Platform(s): Microsoft Windows 2000
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:100098
 
Oval ID: oval:org.mitre.oval:def:100098
Title: Windows XP,SP1 (32-bit) PKINIT Information Disclosure Vulnerability
Description: Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
Family: windows Class: vulnerability
Reference(s): CVE-2005-1982
Version: 5
Platform(s): Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:100100
 
Oval ID: oval:org.mitre.oval:def:100100
Title: Windows XP,SP2 PKINIT Information Disclosure Vulnerability
Description: Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
Family: windows Class: vulnerability
Reference(s): CVE-2005-1982
Version: 6
Platform(s): Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:100102
 
Oval ID: oval:org.mitre.oval:def:100102
Title: Windows XP,SP1 (64-bit) PKINIT Information Disclosure Vulnerability
Description: Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
Family: windows Class: vulnerability
Reference(s): CVE-2005-1982
Version: 5
Platform(s): Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:100104
 
Oval ID: oval:org.mitre.oval:def:100104
Title: Server 2003 PKINIT Information Disclosure Vulnerability
Description: Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
Family: windows Class: vulnerability
Reference(s): CVE-2005-1982
Version: 6
Platform(s): Microsoft Windows Server 2003
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:100106
 
Oval ID: oval:org.mitre.oval:def:100106
Title: Server 2003,SP1 PKINIT Information Disclosure Vulnerability
Description: Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
Family: windows Class: vulnerability
Reference(s): CVE-2005-1982
Version: 5
Platform(s): Microsoft Windows Server 2003
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1
Os 4
Os 1

Open Source Vulnerability Database (OSVDB)

Id Description
18609 Microsoft Windows Kerberos PKINIT Domain Controller Spoofing

Windows contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when an attacker inserts himself between a client and domain controller and exploit a design flaw in PKINT to spoof the domain controller, which will disclose session information resulting in a loss of confidentiality.

Nessus® Vulnerability Scanner

Date Description
2005-08-09 Name : It is possible to crash the remote service or disclose information.
File : smb_nt_ms05-042.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://secunia.com/advisories/16368/
http://securitytracker.com/id?1014642
http://www.kb.cert.org/vuls/id/477341
http://www.securityfocus.com/bid/14520
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
Date Informations
2024-11-28 23:21:59
  • Multiple Updates
2024-11-28 12:07:11
  • Multiple Updates
2021-05-04 12:03:01
  • Multiple Updates
2021-04-22 01:03:17
  • Multiple Updates
2020-05-23 00:16:38
  • Multiple Updates
2019-04-30 21:19:19
  • Multiple Updates
2018-10-13 00:22:31
  • Multiple Updates
2017-10-11 09:23:32
  • Multiple Updates
2016-04-26 13:36:57
  • Multiple Updates
2014-02-17 10:31:49
  • Multiple Updates
2013-05-11 11:27:38
  • Multiple Updates