CVE-2000-0834

Windows 2000 Telnet Client - Open Redirect

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0834. PoCs published by @stake.

AI-analyzed exploit summary This exploit is a proof-of-concept for CVE-2000-0834, which involves a telnet server that logs NTLM authentication attempts from Windows 2000 clients. It captures and logs NTLM challenge/response data, which can be brute-forced to disclose sensitive credentials.

Description

The Windows 2000 telnet client attempts to perform NTLM authentication by default, which allows remote attackers to capture and replay the NTLM challenge/response via a telnet:// URL that points to the malicious server, aka the "Windows 2000 Telnet Client NTLM Authentication" vulnerability.

Exploits (1)

exploitdb WORKING POC VERIFIED
by @stake · c++remotewindows
https://www.exploit-db.com/exploits/20222

This exploit is a proof-of-concept for CVE-2000-0834, which involves a telnet server that logs NTLM authentication attempts from Windows 2000 clients. It captures and logs NTLM challenge/response data, which can be brute-forced to disclose sensitive credentials.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Windows 2000 telnet client (telnet.exe)
No auth needed
Prerequisites: Victim must connect to the attacker's telnet server · Victim must be using a vulnerable Windows 2000 telnet client
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Various Sources vendor-advisory x_refsource_atstake
http://www.atstake.com/research/advisories/2000/a091400-1.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5242
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1683

Scores

EPSS 0.3405
EPSS Percentile 97.1%

Details

Status published
Products (1)
microsoft/windows_2000
Published Nov 14, 2000
Tracked Since Feb 18, 2026