Medium severity5.0NVD Advisory· Published Oct 6, 2005· Updated Jun 16, 2026
CVE-2005-3170
CVE-2005-3170
Description
The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.
Affected products
2cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
- (no CPE)range: before Update Rollup 1 for SP4
Patches
Vulnerability mechanics
References
2- support.microsoft.com/kb/883639nvdBroken LinkPatchVendor Advisory
- support.microsoft.com/kb/900345nvdBroken LinkPatchVendor Advisory
News mentions
0No linked articles in our index yet.