CVE-2006-2380

Microsoft Windows 2000 - Authentication Bypass

Title source: rule

Description

Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."

References (8)

[Patch, Vendor Advisory] http://secunia.com/advisories/20637

[Patch] http://securitytracker.com/id?1016289

[Patch] http://www.securityfocus.com/bid/18389

[Vendor Advisory] http://www.vupen.com/english/advisories/2006/2328

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/26836

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-031

[Third Party Advisory, VDB Entry] http://www.osvdb.org/26438

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1763

Scores

EPSS 0.1964

EPSS Percentile 95.3%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

microsoft/windows_2000

Timeline

Published Jun 13, 2006

Tracked Since Feb 18, 2026