Nessus Plugin #11145
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)
- Family:
- Windows : Microsoft Bulletins
- Category:
- infos
- Copyright:
- This script is Copyright (C) 2002 SECNAP Network Security, LLC
- Summary:
- Checks for MS Hotfix Q328145, Certificate Validation Flaw
- Version:
- $Revision: 1.17 $
- Cve_id:
- CAN-2002-1183, CAN-2002-0862
- Bugtraq_id:
- 5410
- Xrefs:
- -
- Description:
Hotfix to fix Certificate Validation Flaw (Q329115)
is not installed.
The vulnerability could enable an attacker who had
a valid end-entity certificate to issue a
subordinate certificate that, although bogus,
would nevertheless pass validation. Because
CryptoAPI is used by a wide range of applications,
this could enable a variety of identity spoofing
attacks.
Impact of vulnerability: Identity spoofing.
Maximum Severity Rating: Critical
Recommendation: Administrators should install the patch immediately.
Affected Software:
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Me
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0, Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Office for Mac
Microsoft Internet Explorer for Mac
Microsoft Outlook Express for Mac
See
http://www.microsoft.com/technet/security/bulletin/ms02-050.mspx
Risk factor : High
Generiert am 27.04.2005 um 18:49:54 Uhr.