CVE-2005-3170

MEDIUM

Microsoft Windows 2000 <Update Rollup 1 for SP4 - Info Disclosure

Title source: llm

Description

The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.

References (2)

[Broken Link, Patch, Vendor Advisory] http://support.microsoft.com/kb/883639

[Broken Link, Patch, Vendor Advisory] http://support.microsoft.com/kb/900345

Scores

CVSS v3 5.0

EPSS 0.0078

EPSS Percentile 73.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Classification

CWE

CWE-295

Status draft

Affected Products (1)

microsoft/windows_2000

Timeline

Published Oct 06, 2005

Tracked Since Feb 18, 2026