Oval Definition:oval:org.mitre.oval:def:6209
Revision Date:2014-03-17Version:44
Title:MS-CHAP Authentication Bypass Vulnerability
Description:The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2009-3677
Platform(s):Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis
  • 2004 SP4 or later and Raschap.dll
  • Microsoft Windows 2000 SP4 or later is installed
  • AND the version of Raschap.dll is less than 5.0.2195.7344
  • OR XP SP2 x86 and Raschap.dll
  • Microsoft Windows XP (x86) SP2 is installed
  • AND the version of Raschap.dll is less than 5.1.2600.3632
  • OR XP SP3 x86 and Raschap.dll
  • Microsoft Windows XP (x86) SP3 is installed
  • AND the version of Raschap.dll is less than 5.1.2600.5886
  • OR 2004 SP4 or later and Raschap.dll
  • XP SP2 x64\2003 SP2 x86\x64\ia64
  • Microsoft Windows XP x64 Edition SP2 is installed
  • OR Microsoft Windows Server 2003 SP2 (x86) is installed
  • OR Microsoft Windows Server 2003 SP2 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) SP2 is installed
  • AND the version of Raschap.dll is less than 5.2.3790.4600
  • OR 2Vosta x86 and Raschap.dll
  • Microsoft Windows Vista (32-bit) is installed
  • AND the version of Raschap.dll is less than 6.0.6000.16932
  • AND the version of Raschap.dll is greater than or equal 6.0.6000.16000
  • OR Vista x86 and Raschap.dll
  • Microsoft Windows Vista (32-bit) is installed
  • AND the version of Raschap.dll is less than 6.0.6000.21134
  • AND the version of Raschap.dll is greater than or equal 6.0.6000.20000
  • OR Vista SP1 x86\x64 or Server 2008 x86\x64\ia64 and Raschap.dll
  • Vista SP1 x86\x64 or Server 2008 x86\x64\ia64
  • Microsoft Windows Vista (32-bit) Service Pack 1 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND the version of Raschap.dll is less than 6.0.6001.18336
  • AND the version of Raschap.dll is greater than or equal 6.0.6001.18000
  • OR Vista SP1 x86\x64 or 2008 x86\x64\ia64 and Raschap.dll
  • Vista SP1 x86\x64 or Server 2008 x86\x64\ia64
  • Microsoft Windows Vista (32-bit) Service Pack 1 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND the version of Raschap.dll is less than 6.0.6001.22536
  • AND the version of Raschap.dll is greater than or equal 6.0.6001.22000
    • BACK