This script is Copyright (C) 2009-2017 Tenable Network Security, Inc.
It may be possible to spoof user identities.
The Secure Channel (SChannel) authentication component included in the
remote version of Windows does not sufficiently validate certain
Transport Layer Security (TLS) handshake messages to ensure that a
client does in fact have access to the private key linked to a
certificate used for authentication. An attacker who has access to the
public key component of a user's certificate may be able to leverage
this issue to authenticate as that user against services such as web
servers that use certificate-based authentication or to impersonate that
See also :
Microsoft has released a set of patches for Windows 2000, XP, 2003,
Vista and 2008.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false