Vulnerabilities > CVE-2002-0863 - Unspecified vulnerability in Microsoft products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN microsoft
nessus
Summary
Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| OS | 21 |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS02-051.NASL |
| description | The remote host contains a version of the Remote Desktop protocol / service that could allow an attacker to crash the remote service and cause the system to stop responding. Another vulnerability could allow an attacker to disclose information. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11146 |
| published | 2002-10-24 |
| reporter | This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/11146 |
| title | MS02-051: Cryptographic Flaw in RDP Protocol can Lead to Information Disclosure (324380) |
Oval
| accepted | 2012-04-16T04:07:56.223-04:00 | ||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||
| description | Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol." | ||||||||||||||||||||||||
| family | windows | ||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:199 | ||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||
| submitted | 2003-10-10T12:00:00.000-04:00 | ||||||||||||||||||||||||
| title | Weak Encryption in RDP Protocol | ||||||||||||||||||||||||
| version | 42 |
References
- http://www.iss.net/security_center/static/10121.php
- http://www.kb.cert.org/vuls/id/865833
- http://www.securityfocus.com/bid/5711
- http://www.securityfocus.com/bid/5712
- http://www.iss.net/security_center/static/10122.php
- http://marc.info/?l=bugtraq&m=103236181522253&w=2
- http://marc.info/?l=bugtraq&m=103235960119404&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A199
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-051