CVE-2019-1338

A security feature bypass vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLMv2 protection if a client is also sending LMv2 responses, aka 'Windows NTLM Security Feature Bypass Vulnerability'.

Published : 2019-10-10 14:15 Updated : 2019-10-15 20:49

4.3
CVSS Score More info
Score 4.3 / 10
4.3
Vendor Product Version URI
Microsoft Windows 7 - cpe:/o:microsoft:windows_7:-:sp1
Microsoft Windows Server 2008 - cpe:/o:microsoft:windows_server_2008:-:sp2
Microsoft Windows Server 2008 r2 cpe:/o:microsoft:windows_server_2008:r2:sp1:~~~~itanium~
Microsoft Windows Server 2008 r2 cpe:/o:microsoft:windows_server_2008:r2:sp1:~~~~x64~
  1. Microsoft (2) Search CVE
    1. Windows 7 (1) Search CVE
      1. -
    2. Windows Server 2008 (2) Search CVE
      1. -
      2. R2

CWE

ID Name Description Links
CWE-326 Inadequate Encryption Strength The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. CVE

History of changes

Date Event
2019-10-15 20:49
2019-10-10 14:19

New CVE