Rapid7 Vulnerability & Exploit Database

Microsoft Windows 2000 SMTP Improper Authentication Vulnerability

Back to Search

Microsoft Windows 2000 SMTP Improper Authentication Vulnerability

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
08/14/2001
Created
07/25/2018
Added
11/01/2004
Modified
03/21/2018

Description

An SMTP service installs by default as part of Windows 2000 server products, and can be selected for installation on Windows 2000 Professional. A vulnerability results because of a flaw in the authentication process used by the service. The vulnerability could allow an unauthorized user to successfully authenticate to the service using incorrect credentials. An attacker who exploited the vulnerability could gain user-level privileges on the SMTP service, thereby enabling the attacker to use the service but not to administer it. The most likely purpose in exploiting the vulnerability would be to perform mail relaying via the server.

Solution(s)

  • install-microsoft-patch-07a251b2992eba9f102c2552a41ade00

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;