5 - MS02-051

Executive Summary

Informations
Name	MS02-051	First vendor Publication	N/A
Vendor	Microsoft	Last vendor Modification	N/A
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cryptographic Flaw in RDP Protocol can Lead to Information Disclosure (Q324380)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:199

Oval ID:	oval:org.mitre.oval:def:199
Title:	Weak Encryption in RDP Protocol
Description:	Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2002-0863	Version:	8
Platform(s):	Microsoft Windows 2000	Product(s):	Remote Data Protocol (RDP)
Definition Synopsis:
Software section Terminal Server Version AND File %windir%\system32\drivers\rdpwd.sys version is less than 5.0.2195.5880 AND NOT Patch Q324380 installed AND NOT SP4 or later Installed AND Configuration section RDP Enabled

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft .Net Windows Server cpe:2.3:a:microsoft:.net_windows_server:beta3::standard:::::	1
Os	Microsoft Windows 2000 cpe:2.3:o:microsoft:windows_2000:::::::: cpe:2.3:o:microsoft:windows_2000::sp3::::::* cpe:2.3:o:microsoft:windows_2000::sp2::::::* cpe:2.3:o:microsoft:windows_2000::sp1::::::*	4
Os	Microsoft Windows 2000 Terminal Services cpe:2.3:o:microsoft:windows_2000_terminal_services::sp1::::::* cpe:2.3:o:microsoft:windows_2000_terminal_services::sp2::::::* cpe:2.3:o:microsoft:windows_2000_terminal_services:::::::: cpe:2.3:o:microsoft:windows_2000_terminal_services::sp3::::::*	4
Os	Microsoft Windows Nt cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:::terminal_server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp4:::terminal_server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp3:::terminal_server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp5:::terminal_server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp2:::terminal_server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp6:::terminal_server::x86: cpe:2.3:o:microsoft:windows_nt:4.0:sp1:::terminal_server::x86: cpe:2.3:o:microsoft:windows_nt:4.0::terminal_server:::::	8
Os	Microsoft Windows Xp cpe:2.3:o:microsoft:windows_xp::sp1:64-bit::::: cpe:2.3:o:microsoft:windows_xp::sp1:home::::: cpe:2.3:o:microsoft:windows_xp:::home:::::* cpe:2.3:o:microsoft:windows_xp:::64-bit:::::* cpe:2.3:o:microsoft:windows_xp::gold:professional:::::	5

OpenVAS Exploits

Date	Description
2009-03-15	Name : MS04-011 security check File : nvt/remote-MS04-011.nasl
2005-11-03	Name : Microsoft RDP flaws could allow sniffing and DOS(Q324380) File : nvt/smb_nt_ms02-051.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
13421	Microsoft Windows XP RDP Malformed PDU Confirm Active Packet DoS
866	Cryptographic Info leak in RDP Protocol Microsoft's Remote Data Protocol contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when non-encrypted data checksums are sent, which may allow cryptographic recovery of the session data information, resulting in a loss of confidentiality.

Nessus® Vulnerability Scanner

Date	Description
2002-10-24	Name : It is possible to crash the remote desktop service. File : smb_nt_ms02-051.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2016-10-18 12:06:55	Multiple Updates
2016-08-31 12:05:41	Multiple Updates
2016-08-06 12:04:10	Multiple Updates
2016-06-28 20:09:23	Multiple Updates
2014-02-17 11:44:45	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	1
CPE ID(s)	22
osvdb(s)	2
Openvas Exploit(s)	2
Nessus® Exploit(s)	1

	Related
5	CVE-2002-0864
5	CVE-2002-0863
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0204s

Facebook rss twitter linkedin mail