Sign-up

ID

VAR-200107-0127


CVE

CVE-2001-0347


TITLE

Microsoft IIS FTP service searches all trusted domains for user accounts

Trust: 0.8

sources: CERT/CC: VU#137544

DESCRIPTION

Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid. Microsoft Windows Is Telnet If you use a legitimate user account with a special character string added and there is a flaw in the implementation of the domain authentication operation, you will not be asked for domain authentication when logging in to the domain to which the account belongs. Telnet The service is vulnerable to enumerating server domains and all domains trusted by user accounts instead of authentication.There is a possibility of unauthorized login to the system. Once the account is located, the user will have to complete the authentication process. At this point brute force attacks can be used in an attempt to gain access to the domain

Trust: 3.6

sources: NVD: CVE-2001-0347 // CERT/CC: VU#137544 // CERT/CC: VU#573155 // JVNDB: JVNDB-2001-000088 // BID: 2847 // BID: 2719

AFFECTED PRODUCTS

vendor:microsoftmodel: - scope: - version: -

Trust: 1.6

vendor:microsoftmodel:windows 2000scope: - version: -

Trust: 1.4

vendor:microsoftmodel:windows 2000scope:eqversion:*

Trust: 1.0

vendor:microsoftmodel:windows server sp2scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows server sp1scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows serverscope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows professional sp2scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows professional sp1scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows professionalscope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows datacenter server sp2scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows datacenter server sp1scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows datacenter serverscope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows advanced server sp2scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows advanced server sp1scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows advanced serverscope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 0.3

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 0.3

sources: CERT/CC: VU#137544 // CERT/CC: VU#573155 // BID: 2847 // BID: 2719 // JVNDB: JVNDB-2001-000088 // CNNVD: CNNVD-200107-161 // NVD: CVE-2001-0347

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-0347
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#137544
value: 10.13

Trust: 0.8

CARNEGIE MELLON: VU#573155
value: 10.13

Trust: 0.8

NVD: CVE-2001-0347
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200107-161
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2001-0347
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: CERT/CC: VU#137544 // CERT/CC: VU#573155 // JVNDB: JVNDB-2001-000088 // CNNVD: CNNVD-200107-161 // NVD: CVE-2001-0347

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0347

THREAT TYPE

network

Trust: 0.6

sources: BID: 2847 // BID: 2719

TYPE

Input Validation Error

Trust: 0.6

sources: BID: 2847 // BID: 2719

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2001-000088

PATCH
title:MS01-031url:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp
Trust: 0.8
title:MS01-031url:http://www.microsoft.com/japan/technet/security/bulletin/MS01-031.mspx
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2001-000088

EXTERNAL IDS
db:BIDid:2847
Trust: 3.5
db:NVDid:CVE-2001-0347
Trust: 2.4
db:CERT/CCid:VU#573155
Trust: 1.6
db:CERT/CCid:VU#137544
Trust: 1.6
db:OSVDBid:5686
Trust: 1.6
db:BIDid:2719
Trust: 1.1
db:JVNDBid:JVNDB-2001-000088
Trust: 0.8
db:XFid:2
Trust: 0.6
db:XFid:6665
Trust: 0.6
db:MSid:MS01-031
Trust: 0.6
db:CIACid:L-092
Trust: 0.6
db:CNNVDid:CNNVD-200107-161
Trust: 0.6
sources:
            
            
            CERT/CC: VU#137544 // 
            
            
            
            CERT/CC: VU#573155 // 
            
            
            
            BID: 2847 // 
            
            
            
            BID: 2719 // 
            
            
            
            JVNDB: JVNDB-2001-000088 // 
            
            
            
            CNNVD: CNNVD-200107-161 // 
            
            
            
            NVD: CVE-2001-0347

REFERENCES
url:http://www.securityfocus.com/bid/2847
Trust: 3.2
url:http://www.microsoft.com/technet/security/bulletin/ms01-031.asp
Trust: 1.7
url:http://www.osvdb.org/5686
Trust: 1.6
url:http://www.ciac.org/ciac/bulletins/l-092.shtml
Trust: 1.6
url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-031
Trust: 1.0
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6665
Trust: 1.0
url:http://www.kb.cert.org/vuls/id/573155
Trust: 0.8
url:http://www.microsoft.com/technet/security/bulletin/ms01-026.asp
Trust: 0.8
url:http://www.securityfocus.com/bid/2719
Trust: 0.8
url:http://www.kb.cert.org/vuls/id/137544
Trust: 0.8
url:http://www.microsoft.com/downloads/release.asp?releaseid=30508
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-0347
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-0347
Trust: 0.8
url:http://xforce.iss.net/static/6665.php
Trust: 0.6
url:http://www.microsoft.com/technet/security/bulletin/ms02-026.asp
Trust: 0.3
sources:
            
            
            CERT/CC: VU#137544 // 
            
            
            
            CERT/CC: VU#573155 // 
            
            
            
            BID: 2847 // 
            
            
            
            BID: 2719 // 
            
            
            
            JVNDB: JVNDB-2001-000088 // 
            
            
            
            CNNVD: CNNVD-200107-161 // 
            
            
            
            NVD: CVE-2001-0347

CREDITS
Posted in a Microsoft Security Bulletin MS01-031 on June 7, 2001.
Trust: 0.9
sources:
            
            
            BID: 2847 // 
            
            
            
            CNNVD: CNNVD-200107-161

SOURCES
db:CERT/CCid:VU#137544
db:CERT/CCid:VU#573155
db:BIDid:2847
db:BIDid:2719
db:JVNDBid:JVNDB-2001-000088
db:CNNVDid:CNNVD-200107-161
db:NVDid:CVE-2001-0347

LAST UPDATE DATE
2025-04-03T19:59:08.163000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#137544date:2001-09-18T00:00:00
db:CERT/CCid:VU#573155date:2001-09-18T00:00:00
db:BIDid:2847date:2001-06-07T00:00:00
db:BIDid:2719date:2001-05-14T00:00:00
db:JVNDBid:JVNDB-2001-000088date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200107-161date:2005-05-02T00:00:00
db:NVDid:CVE-2001-0347date:2025-04-03T01:03:51.193

SOURCES RELEASE DATE
db:CERT/CCid:VU#137544date:2001-09-18T00:00:00
db:CERT/CCid:VU#573155date:2001-09-18T00:00:00
db:BIDid:2847date:2001-06-07T00:00:00
db:BIDid:2719date:2001-05-14T00:00:00
db:JVNDBid:JVNDB-2001-000088date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200107-161date:2001-07-21T00:00:00
db:NVDid:CVE-2001-0347date:2001-07-21T04:00:00