CVE-2006-2380

Microsoft Windows 2000 SP4 - Improper Authentication via RPC Mutual Authentication

Title source: llm
STIX 2.1

Description

Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."

References (8)

Core 8
Core References
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016289
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1763
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/18389
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2328
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/26438
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20637
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26836

Scores

EPSS 0.1775
EPSS Percentile 96.8%

Details

CWE
CWE-287
Status published
Products (1)
microsoft/windows_2000
Published Jun 13, 2006
Tracked Since Feb 18, 2026