VAR-200107-0127
Vulnerability from variot - Updated: 2025-04-03 19:59Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid. Microsoft Windows Is Telnet If you use a legitimate user account with a special character string added and there is a flaw in the implementation of the domain authentication operation, you will not be asked for domain authentication when logging in to the domain to which the account belongs. Telnet The service is vulnerable to enumerating server domains and all domains trusted by user accounts instead of authentication.There is a possibility of unauthorized login to the system. Once the account is located, the user will have to complete the authentication process. At this point brute force attacks can be used in an attempt to gain access to the domain
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200107-0127",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "microsoft",
"version": null
},
{
"model": "windows 2000",
"scope": null,
"trust": 1.4,
"vendor": "microsoft",
"version": null
},
{
"model": "windows 2000",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "*"
},
{
"model": "windows server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#137544"
},
{
"db": "CERT/CC",
"id": "VU#573155"
},
{
"db": "BID",
"id": "2847"
},
{
"db": "BID",
"id": "2719"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000088"
},
{
"db": "CNNVD",
"id": "CNNVD-200107-161"
},
{
"db": "NVD",
"id": "CVE-2001-0347"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:microsoft:windows_2000",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2001-000088"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Posted in a Microsoft Security Bulletin MS01-031 on June 7, 2001.",
"sources": [
{
"db": "BID",
"id": "2847"
},
{
"db": "CNNVD",
"id": "CNNVD-200107-161"
}
],
"trust": 0.9
},
"cve": "CVE-2001-0347",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2001-0347",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2001-0347",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#137544",
"trust": 0.8,
"value": "10.13"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#573155",
"trust": 0.8,
"value": "10.13"
},
{
"author": "NVD",
"id": "CVE-2001-0347",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200107-161",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#137544"
},
{
"db": "CERT/CC",
"id": "VU#573155"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000088"
},
{
"db": "CNNVD",
"id": "CNNVD-200107-161"
},
{
"db": "NVD",
"id": "CVE-2001-0347"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid. Microsoft Windows Is Telnet If you use a legitimate user account with a special character string added and there is a flaw in the implementation of the domain authentication operation, you will not be asked for domain authentication when logging in to the domain to which the account belongs. Telnet The service is vulnerable to enumerating server domains and all domains trusted by user accounts instead of authentication.There is a possibility of unauthorized login to the system. Once the account is located, the user will have to complete the authentication process. At this point brute force attacks can be used in an attempt to gain access to the domain",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0347"
},
{
"db": "CERT/CC",
"id": "VU#137544"
},
{
"db": "CERT/CC",
"id": "VU#573155"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000088"
},
{
"db": "BID",
"id": "2847"
},
{
"db": "BID",
"id": "2719"
}
],
"trust": 3.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "2847",
"trust": 3.5
},
{
"db": "NVD",
"id": "CVE-2001-0347",
"trust": 2.4
},
{
"db": "CERT/CC",
"id": "VU#573155",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#137544",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "5686",
"trust": 1.6
},
{
"db": "BID",
"id": "2719",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000088",
"trust": 0.8
},
{
"db": "XF",
"id": "2",
"trust": 0.6
},
{
"db": "XF",
"id": "6665",
"trust": 0.6
},
{
"db": "MS",
"id": "MS01-031",
"trust": 0.6
},
{
"db": "CIAC",
"id": "L-092",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200107-161",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#137544"
},
{
"db": "CERT/CC",
"id": "VU#573155"
},
{
"db": "BID",
"id": "2847"
},
{
"db": "BID",
"id": "2719"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000088"
},
{
"db": "CNNVD",
"id": "CNNVD-200107-161"
},
{
"db": "NVD",
"id": "CVE-2001-0347"
}
]
},
"id": "VAR-200107-0127",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2025-04-03T19:59:08.163000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS01-031",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/MS01-031.asp"
},
{
"title": "MS01-031",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/MS01-031.mspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2001-000088"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0347"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://www.securityfocus.com/bid/2847"
},
{
"trust": 1.7,
"url": "http://www.microsoft.com/technet/security/bulletin/ms01-031.asp"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/5686"
},
{
"trust": 1.6,
"url": "http://www.ciac.org/ciac/bulletins/l-092.shtml"
},
{
"trust": 1.0,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-031"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6665"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/573155"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms01-026.asp"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2719"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/137544"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/downloads/release.asp?releaseid=30508"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-0347"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-0347"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/static/6665.php"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/bulletin/ms02-026.asp"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#137544"
},
{
"db": "CERT/CC",
"id": "VU#573155"
},
{
"db": "BID",
"id": "2847"
},
{
"db": "BID",
"id": "2719"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000088"
},
{
"db": "CNNVD",
"id": "CNNVD-200107-161"
},
{
"db": "NVD",
"id": "CVE-2001-0347"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#137544"
},
{
"db": "CERT/CC",
"id": "VU#573155"
},
{
"db": "BID",
"id": "2847"
},
{
"db": "BID",
"id": "2719"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000088"
},
{
"db": "CNNVD",
"id": "CNNVD-200107-161"
},
{
"db": "NVD",
"id": "CVE-2001-0347"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-09-18T00:00:00",
"db": "CERT/CC",
"id": "VU#137544"
},
{
"date": "2001-09-18T00:00:00",
"db": "CERT/CC",
"id": "VU#573155"
},
{
"date": "2001-06-07T00:00:00",
"db": "BID",
"id": "2847"
},
{
"date": "2001-05-14T00:00:00",
"db": "BID",
"id": "2719"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2001-000088"
},
{
"date": "2001-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200107-161"
},
{
"date": "2001-07-21T04:00:00",
"db": "NVD",
"id": "CVE-2001-0347"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-09-18T00:00:00",
"db": "CERT/CC",
"id": "VU#137544"
},
{
"date": "2001-09-18T00:00:00",
"db": "CERT/CC",
"id": "VU#573155"
},
{
"date": "2001-06-07T00:00:00",
"db": "BID",
"id": "2847"
},
{
"date": "2001-05-14T00:00:00",
"db": "BID",
"id": "2719"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2001-000088"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200107-161"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2001-0347"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "2847"
},
{
"db": "BID",
"id": "2719"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft IIS FTP service searches all trusted domains for user accounts",
"sources": [
{
"db": "CERT/CC",
"id": "VU#137544"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "2847"
},
{
"db": "BID",
"id": "2719"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…