Authentication Bypass in File and Print Sharing Service of Microsoft Windows Products
CVE-2000-0979

Currently unrated

Key Information:

Vendor
Microsoft
Status
Windows 98se
Windows 95
Windows Me
Windows 98
Vendor
CVE Published:
19 December 2000

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 21%

Summary

The File and Print Sharing service in Microsoft Windows 95, 98, and Me is susceptible to an authentication bypass vulnerability. This flaw arises from improper password checking, allowing remote attackers to access shared resources by submitting a single-byte password that corresponds to the first character of the actual password, effectively circumventing access restrictions. This vulnerability can compromise the availability of sensitive files and the integrity of shared directories, exposing users to unauthorized access.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2000-0979
Created by Z6543

References

https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
https://exchange.xforce.ibmcloud.com/vulnerabilities/5395
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/1780
vdb-entryx_refsource_BID

EPSS Score

21% chance of being exploited in the next 30 days.

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.