Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Microsoft Windows PKINIT信息泄漏和欺骗漏洞
Vulnerability Description
Microsoft Windows是微软发表的非常流行的操作系统,PKINIT是用于在Kerberos中初始认证的公钥加密IETF方案。 Microsoft Windows的PKINIT协议中存在信息泄漏和欺骗漏洞。攻击者可以篡改发送给域控制器的信息,访问敏感的客户端网络通讯,这样用户在访问恶意服务器时可能会以为他们仍在访问可信任的服务器。但是,攻击者必需首先通过中间人攻击注入到客户端和域控制器中间的认证会话中。
CVSS Information
N/A
Vulnerability Type
N/A