CVE-2002-0054

Microsoft Windows 2000/Exchange Server 5.5 - Auth Bypass

Title source: llm

Description

SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.

References (3)

[Mailing List, Third Party Advisory] http://marc.info/?l=bugtraq&m=101501580409373&w=2

[Patch, Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-011

[Patch, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/4205

Scores

EPSS 0.1254

EPSS Percentile 94.0%

Details

CWE

CWE-294

Status published

Products (2)

microsoft/exchange_server 5.5 (5 CPE variants)

microsoft/windows_2000 (3 CPE variants)

Published Mar 08, 2002

Tracked Since Feb 18, 2026