| VID |
26019 |
| Severity |
40 |
| Port |
139 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (Q272743) for the "Telnet Client NTLM Authentication" problem has not been applied. Windows 2000 by default installs the telnet client and uses NTLM authentication. Due to a vulnerability in the telnet client, a malicious user can gain another user's NTLM authentication credentials.
A malicious user can force a telnet session with a remote telnet server by placing the "telnet://" prefix in a URL, and then monitor the session for NTLM authentication credentials. The malicious user could then use an offline brute force attack to derive the password or, with specialized tools, could submit a variant of these credentials in an attempt to access protected resources.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* Platforms Affected:
Microsoft Windows 2000
* References:
http://www.iss.net/security_center/static/5242.php
http://www.microsoft.com/technet/security/bulletin/MS00-067.asp |
| Recommendation |
Apply the appropriate patch, as listed in Microsoft Security Bulletin MS00-067. (http://www.microsoft.com/technet/security/bulletin/MS00-067.asp)
Note: This patch will also be included in the next Service Pack for Windows 2000. It can be applied to computers with or without Service Pack 1. |
| Related URL |
CVE-2000-0834 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
