Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)

Severity

High

Family

Windows : Microsoft Bulletins

CVSSv2 Base

7.5

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Vendor Patch

Created

18 years ago

Modified

5 years ago

Hotfix to fix Certificate Validation Flaw (Q329115) is not installed. The vulnerability could enable an attacker who had a valid end-entity certificate to issue a subordinate certificate that, although bogus, would nevertheless pass validation. Because CryptoAPI is used by a wide range of applications, this could enable a variety of identity spoofing attacks.

Affected Software

Microsoft Windows 98 Microsoft Windows 98 Second Edition Microsoft Windows Me Microsoft Windows NT 4.0 Microsoft Windows NT 4.0, Terminal Server Edition Microsoft Windows 2000 Microsoft Windows XP Microsoft Office for Mac Microsoft Internet Explorer for Mac Microsoft Outlook Express for Mac

Solution

The vendor has released updates, please see the references for more information.

Common Vulnerabilities and Exposures (CVE)

References

http://www.microsoft.com/technet/security/bulletin/ms02-050.mspx

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)

Information

Severity

Severity

Family

Family

CVSSv2 Base

CVSSv2 Base

CVSSv2 Vector

CVSSv2 Vector

Solution Type

Solution Type

Created

Created

Modified

Modified

Share

Summary

Affected Software

Affected Software

Solution

Solution

Common Vulnerabilities and Exposures (CVE)

References