Oval Definition: oval:org.mitre.oval:def:13278
Revision Date: 2014-04-07
Version: 50
Title: LDAPS Authentication Bypass Vulnerability
Description: The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
Family: windows
Class: vulnerability
Status: ACCEPTED
Reference(s): CVE-2011-2014
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis
  • Active Directory Application Mode (ADAM) on Windows XP (x86) SP3, Windows XP (x64) SP2
    • Windows XP (x86) SP3, Windows XP (x64) SP2 is installed
      • Microsoft Windows XP (x86) SP3 is installed
      • OR Microsoft Windows XP x64 Edition SP2 is installed
    • AND ADAM
      • Check if ADAM service is installed
      • AND adamdsa.dll version is less than 1.1.3790.4905
  • OR Active Directory Application Mode (ADAM)/Active Directory on Windows Server 2003 x64/x86/ia64 SP2
    • Windows Server 2003 x64/x86/ia64 SP2 is installed
      • Microsoft Windows Server 2003 SP2 (x86) is installed
      • OR Microsoft Windows Server 2003 SP2 (x64) is installed
      • OR Microsoft Windows Server 2003 (ia64) SP2 is installed
    • AND Active Directory or ADAM
      • Active Directory
        • the system is being used as: Member Server, BDC or PDC (DomainRole is 3, 4 or 5)
        • AND NTDS Service is installed
        • AND ntdsa.dll version is less than 5.2.3790.4910
      • OR ADAM
        • Check if ADAM service is installed
        • AND adamdsa.dll version is less than 1.1.3790.4905
  • OR Active Directory Lightweight Directory Service (AD LDS) on Microsoft Windows Vista SP2 x86/x64, Server 2008 SP2 32bit/x64
    • Windows Vista SP2 x86/x64, Server 2008 SP2 32bit/x64 is installed
      • Microsoft Windows Vista (32-bit) Service Pack 2 is installed
      • OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed
      • OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
      • OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
    • AND GDR or LDR Service branch
      • ntdsai.dll version is less than 6.0.6002.18508
      • OR LDR
        • ntdsai.dll version is less than 6.0.6002.22705
        • AND ntdsai.dll is greater than or equal 6.0.6002.22000
  • OR Active Directory Lightweight Directory Service (AD LDS) on Windows 7 x86/x64, Windows Server 2008 R2 x86/x64
    • Windows 7 x86/x64, Windows Server 2008 R2 x86/x64 is installed
      • Microsoft Windows 7 (32-bit) is installed
      • OR Microsoft Windows 7 x64 Edition is installed
      • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
    • AND GDR or LDR Service branch
      • ntdsai.dll version is less than 6.1.7600.16871
      • OR LDR
        • ntdsai.dll version is less than 6.1.7600.21035
        • AND ntdsai.dll is greater than or equal 6.1.7600.20000
  • OR Active Directory Lightweight Directory Service (AD LDS) on Windows 7 x86/x64 SP1, Windows Server 2008 R2 x86/x64 SP1
    • Windows 7 x86/x64 SP1, Windows Server 2008 R2 x86/x64 SP1 is installed
      • Microsoft Windows 7 (32-bit) Service Pack 1 is installed
      • OR Microsoft Windows 7 x64 Service Pack 1 is installed
      • OR Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
    • AND GDR or LDR Service branch
      • ntdsai.dll version is less than 6.1.7601.17676
      • OR LDR
        • ntdsai.dll version is less than 6.1.7601.21802
        • AND ntdsai.dll is greater than or equal 6.1.7601.21000