CVE-2000-0979
Published 2000-12-19
Priority: P343, medium, 6.4 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS: 45.63% (98.6th percentile)
File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability.
No detection rules found.
Exploit-DB
Microsoft Windows 9x/ME - Share Level Password Bypass (1)
exploitdb·2000-10-10
---
source: https://www.securityfocus.com/bid/1780/info
Share level password protection for the File and Print Sharing service in Windows 95/98/ME can be bypassed.
Share level access provides peer-to-peer networking capabilities in the Windows 9x/ME environment. It depends on password protection in order to grant or deny access to resources. Due to a flaw in the implementation of File and Print Sharing security, a remote intruder could access share level protected resources without entering a complete password by programmatically modifying the data length of the password.
The flaw is due to the NetBIOS implementation in the password verification scheme share level access utilizes.
The password length is compared to the length o
Exploit-DB
Microsoft Windows 9x/ME - Share Level Password Bypass (2)
exploitdb·2000-10-10
No writeups or analysis indexed.
CWE
Authentication Bypass by Primary Weakness
mitre_cwe·CVSS 6.4
CVE-2002-1374 [MEDIUM] CWE-305 Authentication Bypass by Primary Weakness
CWE-305: Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Modes of Introduction:
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Common Consequences:
Scope: Access Control. Impact: Bypass Protection Mechanism.
Observed Examples:
CVE-2002-1374: The provided password is only compared against the first character of the real password.
CVE-2000-0979: The password is not properly checked, which allows remote attackers to bypass access controls by sending a 1-byte password that matches the first character of the real password.
CVE-2001-0088: Chain: Forum softwa
CWE
Partial String Comparison
mitre_cwe·CVSS 7.5
[HIGH] CWE-187 Partial String Comparison
CWE-187: Partial String Comparison
The product performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weaknesses.
For example, an attacker might succeed in authentication by providing a small password that matches the associated portion of the larger, correct password.
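The prefix-match failure described above, as an added C example (a constructed model, not Microsoft's code and not the indexed exploit): the weak check lets the caller-supplied length bound the comparison, while the fixed check requires equal lengths before comparing. The function names and the sample password `SECRET` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int (*check_fn)(const char *, const unsigned char *, size_t);

/* Weak (constructed model): compares only supplied_len bytes, so any
 * prefix of the stored password, including a 1-byte one, is accepted. */
int check_share_password_weak(const char *stored,
                              const unsigned char *supplied, size_t supplied_len)
{
    if (supplied_len > strlen(stored))      /* avoid reading past stored */
        return 0;
    return memcmp(stored, supplied, supplied_len) == 0;
}

/* Fixed: the stored length is authoritative; a length mismatch is rejected
 * and every byte is compared without an early exit on the first mismatch. */
int check_share_password_fixed(const char *stored,
                               const unsigned char *supplied, size_t supplied_len)
{
    size_t stored_len = strlen(stored);
    unsigned char diff = 0;
    if (supplied_len != stored_len)
        return 0;
    for (size_t i = 0; i < stored_len; i++)
        diff |= (unsigned char)stored[i] ^ supplied[i];
    return diff == 0;
}

/* Negative test: counts how many strict prefixes of the real password
 * (lengths 0 .. n-1) the given check wrongly accepts. */
int count_accepted_prefixes(check_fn check, const char *stored)
{
    int accepted = 0;
    size_t n = strlen(stored);
    for (size_t len = 0; len < n; len++)
        accepted += check(stored, (const unsigned char *)stored, len);
    return accepted;
}

int main(void)
{
    const char *stored = "SECRET";          /* constructed sample value */
    printf("weak accepts %d prefixes, fixed accepts %d\n",
           count_accepted_prefixes(check_share_password_weak, stored),
           count_accepted_prefixes(check_share_password_fixed, stored));
    return 0;
}
```

The prefix loop is the kind of negative test the CWE-187 mitigation asks for: a positive test with the full password passes against both versions and would not reveal the flaw.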
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity, Access Control. Impact: Alter Execution Logic, Bypass Protection Mechanism.
Potential Mitigations:
[Testing] Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing.
Examples:
This example defines a fixed username and password. The AuthenticateUser() function is intended
http://marc.info/?l=bugtraq&m=97147777618139&w=2
http://www.securityfocus.com/bid/1780
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-072
https://exchange.xforce.ibmcloud.com/vulnerabilities/5395
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A996