| Vulnerability Name: | CCN-4141 | ||||||
| Published: | 2000-01-21 | ||||||
| Updated: | 2000-01-21 | ||||||
| Summary: | In Windows 2000 and Windows NT 4.0, the SMB redirector does not send unencrypted (plaintext) passwords during authentication to an SMB server unless a specific registry entry has been added. With this option enabled, unencrypted (plaintext) passwords can be sent across the network when authenticating to an SMB server that requests this option. Use of plaintext passwords can degrade network security and should be enabled only after thorough consideration of the implications of using plaintext passwords on your network. | ||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||
| CVSS v2 Severity: | 2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
| ||||||
| Vulnerability Consequences: | Other | ||||||
| References: | Source: XF Type: UNKNOWN nt-unencrypted-pwd-smb(4141) Source: CCN Type: Microsoft Knowledge Base Article 166730 Unencrypted Passwords May Cause SP3 to Fail to Connect to SMB Servers Source: CCN Type: Microsoft Knowledge Base Article 224287 Err Msg: System Error 1240 Has Occurred. The Account Is Not Authorized to Login... | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||