CVE-2006-2380

Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the RPC Mutual Authentication Vulnerability.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name	Vendor	Start Version	End Version
Windows_2000	Microsoft	*	*

Potential Mitigations

https://cwe.mitre.org/data/definitions/114.html
https://cwe.mitre.org/data/definitions/115.html
https://cwe.mitre.org/data/definitions/151.html
https://cwe.mitre.org/data/definitions/194.html
https://cwe.mitre.org/data/definitions/22.html
https://cwe.mitre.org/data/definitions/57.html
https://cwe.mitre.org/data/definitions/593.html
https://cwe.mitre.org/data/definitions/633.html
https://cwe.mitre.org/data/definitions/650.html
https://cwe.mitre.org/data/definitions/94.html

References

http://secunia.com/advisories/20637
http://securitytracker.com/id?1016289
http://www.osvdb.org/26438
http://www.securityfocus.com/bid/18389
http://www.vupen.com/english/advisories/2006/2328
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-031
https://exchange.xforce.ibmcloud.com/vulnerabilities/26836
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1763
http://secunia.com/advisories/20637
http://securitytracker.com/id?1016289
http://www.osvdb.org/26438
http://www.securityfocus.com/bid/18389
http://www.vupen.com/english/advisories/2006/2328
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-031
https://exchange.xforce.ibmcloud.com/vulnerabilities/26836
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1763

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-2380
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References