CVE-2009-0085

Microsoft Windows - Authentication Bypass

Title source: llm

Description

The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."

References (7)

[Third Party Advisory, VDB Entry] http://osvdb.org/52521

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA09-069A.html

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-007

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6011

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1021828

[Third Party Advisory] http://secunia.com/advisories/34215

[Third Party Advisory] http://www.vupen.com/english/advisories/2009/0660

Scores

EPSS 0.2495

EPSS Percentile 96.1%

Classification

CWE

CWE-287

Status draft

Affected Products (15)

microsoft/windows_2000

microsoft/windows_server_2003

microsoft/windows_server_2003

microsoft/windows_server_2003

microsoft/windows_server_2003

microsoft/windows_server_2008

microsoft/windows_server_2008

microsoft/windows_server_2008

microsoft/windows_vista

microsoft/windows_vista

microsoft/windows_vista

microsoft/windows_xp

microsoft/windows_xp

microsoft/windows_xp

microsoft/windows_xp

Timeline

Published Mar 10, 2009

Tracked Since Feb 18, 2026