Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2001-1517 | First vendor Publication | 2001-12-31 |
Vendor | Cve | Last vendor Modification | 2024-04-11 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1517 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 3 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
20220 | Microsoft Windows 2000 runas.exe Cleartext Authentication Information Disclosure Microsoft Windows 2000 has been reported to contain a flaw that may lead to information disclosure by using the RUN AS service. Memory used by the runas.exe program is not cleared after use, and might be assigned to another program. An attacker with local privileges can reportedly gain access to this memory, potentially gaining sensitive information. However, the vendor notes that to gain access to this program and memory, one would need administrator privileges making this a non-issue. |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-04-11 09:28:48 |
|
2024-03-21 09:28:51 |
|
2023-11-07 21:48:12 |
|
2021-05-04 12:01:35 |
|
2021-04-22 01:01:43 |
|
2020-05-23 00:14:52 |
|
2019-04-30 21:19:16 |
|
2013-05-11 12:07:39 |
|