Microsoft : Security Vulnerabilities, CVEs, Published In February 2011 (Bypass)
Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
Max CVSS
6.4
EPSS Score
0.68%
Published
2011-02-10
Updated
2018-10-30
The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
Max CVSS
7.2
EPSS Score
0.09%
Published
2011-02-09
Updated
2018-10-12
2 vulnerabilities found