QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2009-0085

Back to search

CVE-2009-0085

Published: Mar 10, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."

VendorProductVersions

n/a

n/a

affected
n/a

References

MS09-007
vendor-advisory
x_refsource_MS
1021828
vdb-entry
x_refsource_SECTRACK
TA09-069A
third-party-advisory
x_refsource_CERT
ADV-2009-0660
vdb-entry
x_refsource_VUPEN
oval:org.mitre.oval:def:6011
vdb-entry
signature
x_refsource_OVAL
34215
third-party-advisory
x_refsource_SECUNIA
52521
vdb-entry
x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now