CVE-2002-0054 — HIGH severity vulnerability (SMTP service in (1) Microsoft Windows 2000 and (2) Internet)
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
| CVE ID | CVE-2002-0054 |
|---|---|
| Severity | HIGH |
| CVSS score | 7.5 |
| CVSS vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| CWE | CWE-294 |
| Status | Modified |
| Published | 2002-03-08 |
| Last modified | 2026-04-16 |
| Description | SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials. |
| Source | NIST National Vulnerability Database |
🔍 Search all vulnerabilities →
$999/mo
Try CVECheck →