Predictable Hash Vulnerability in SynAttackProtect in Microsoft Windows 2003 and Windows 2000

Predictable Hash Vulnerability in SynAttackProtect in Microsoft Windows 2003 and Windows 2000

CVE-2005-3945 · HIGH Severity

AV:N/AC:L/AU:N/C:N/I:N/A:C

The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.

Learn more about our Web Application Penetration Testing UK.