Vulnerabilities > CVE-2002-0863 - Unspecified vulnerability in Microsoft products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| OS | 21 |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS02-051.NASL |
| description | The remote host contains a version of the Remote Desktop protocol / service that could allow an attacker to crash the remote service and cause the system to stop responding. Another vulnerability could allow an attacker to disclose information. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11146 |
| published | 2002-10-24 |
| reporter | This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/11146 |
| title | MS02-051: Cryptographic Flaw in RDP Protocol can Lead to Information Disclosure (324380) |
Oval
| accepted | 2012-04-16T04:07:56.223-04:00 | ||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||
| description | Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol." | ||||||||||||||||||||||||
| family | windows | ||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:199 | ||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||
| submitted | 2003-10-10T12:00:00.000-04:00 | ||||||||||||||||||||||||
| title | Weak Encryption in RDP Protocol | ||||||||||||||||||||||||
| version | 42 |
References
- http://marc.info/?l=bugtraq&m=103235960119404&w=2
- http://marc.info/?l=bugtraq&m=103236181522253&w=2
- http://www.iss.net/security_center/static/10121.php
- http://www.iss.net/security_center/static/10122.php
- http://www.kb.cert.org/vuls/id/865833
- http://www.securityfocus.com/bid/5711
- http://www.securityfocus.com/bid/5712
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-051
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A199