LDAP Client on Microsoft Windows 2000 Accepts Untrusted LDAPS Certificates Vulnerability

LDAP Client on Microsoft Windows 2000 Accepts Untrusted LDAPS Certificates Vulnerability

CVE-2005-3170 · MEDIUM Severity

AV:N/AC:H/AU:N/C:P/I:P/A:P

The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.

Learn more about our User Device Pen Test.