CVE-2002-0863

Published on: 10/01/2002 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:26:03 PM UTC

AV:N/AC:L/Au:N/C:P/I:N/A:N

Certain versions of .net Windows Server from Microsoft contain the following vulnerability:

Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."

CVSS2 Score: 5 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL NONE NONE

CVE References

Description Tags Link
'Microsoft Windows Remote Desktop Protocol checksum and keystroke' - MARC marc.info
text/html
URL Logo BUGTRAQ 20020916 Microsoft Windows Remote Desktop Protocol checksum and keystroke vulnerabilities
CERT/CC Vulnerability Note VU#865833 US Government Resource
www.kb.cert.org
text/html
URL Logo CERT-VN VU#865833
Microsoft Windows Encrypted RDP Packet Information Leakage Vulnerability cve.report (archive)
text/html
URL Logo BID 5711
Microsoft Windows RDP Keystroke Injection Vulnerability cve.report (archive)
text/html
URL Logo BID 5712
'Microsoft Windows Terminal Services vulnerabilities' - MARC marc.info
text/html
URL Logo BUGTRAQ 20020918 Microsoft Windows Terminal Services vulnerabilities
Microsoft Security Bulletin MS02-051 - Moderate | Microsoft Docs docs.microsoft.com
text/html
URL Logo MS MS02-051
ISS X-Force Database: win-rdp-keystroke-monitoring (10122): Windows Remote Desktop Protocol could allow an attacker to monitor keystrokes web.archive.org
text/html
Inactive LinkNot Archived
URL Logo XF win-rdp-keystroke-monitoring(10122)
Repository / Oval Repository oval.cisecurity.org
text/html
URL Logo OVAL oval:org.mitre.oval:def:199
ISS X-Force Database: win-rdp-checksum-leak (10121): Windows Remote Desktop Protocol checksum information leak Vendor Advisory
web.archive.org
text/html
Inactive LinkNot Archived
URL Logo XF win-rdp-checksum-leak(10121)

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationMicrosoft.net Windows Serverbeta3AllstandardAll
ApplicationMicrosoft.net Windows Serverbeta3AllstandardAll
Operating
System
MicrosoftWindows 2000AllAllAllAll
Operating
System
MicrosoftWindows 2000Allsp1AllAll
Operating
System
MicrosoftWindows 2000Allsp2AllAll
Operating
System
MicrosoftWindows 2000Allsp3AllAll
Operating
System
MicrosoftWindows 2000AllAllAllAll
Operating
System
MicrosoftWindows 2000Allsp1AllAll
Operating
System
MicrosoftWindows 2000Allsp2AllAll
Operating
System
MicrosoftWindows 2000Allsp3AllAll
Operating
System
MicrosoftWindows 2000 Terminal ServicesAllAllAllAll
Operating
System
MicrosoftWindows 2000 Terminal ServicesAllsp1AllAll
Operating
System
MicrosoftWindows 2000 Terminal ServicesAllsp2AllAll
Operating
System
MicrosoftWindows 2000 Terminal ServicesAllsp3AllAll
Operating
System
MicrosoftWindows 2000 Terminal ServicesAllAllAllAll
Operating
System
MicrosoftWindows 2000 Terminal ServicesAllsp1AllAll
Operating
System
MicrosoftWindows 2000 Terminal ServicesAllsp2AllAll
Operating
System
MicrosoftWindows 2000 Terminal ServicesAllsp3AllAll
Operating
System
MicrosoftWindows Nt4.0Allterminal_serverAll
Operating
System
MicrosoftWindows Nt4.0sp1terminal_serverAll
Operating
System
MicrosoftWindows Nt4.0sp2terminal_serverAll
Operating
System
MicrosoftWindows Nt4.0sp3terminal_serverAll
Operating
System
MicrosoftWindows Nt4.0sp4terminal_serverAll
Operating
System
MicrosoftWindows Nt4.0sp5terminal_serverAll
Operating
System
MicrosoftWindows Nt4.0sp6terminal_serverAll
Operating
System
MicrosoftWindows Nt4.0sp6aterminal_serverAll
Operating
System
MicrosoftWindows Nt4.0Allterminal_serverAll
Operating
System
MicrosoftWindows Nt4.0sp1terminal_serverAll
Operating
System
MicrosoftWindows Nt4.0sp2terminal_serverAll
Operating
System
MicrosoftWindows Nt4.0sp3terminal_serverAll
Operating
System
MicrosoftWindows Nt4.0sp4terminal_serverAll
Operating
System
MicrosoftWindows Nt4.0sp5terminal_serverAll
Operating
System
MicrosoftWindows Nt4.0sp6terminal_serverAll
Operating
System
MicrosoftWindows Nt4.0sp6aterminal_serverAll
Operating
System
MicrosoftWindows XpAllAll64-bitAll
Operating
System
MicrosoftWindows XpAllAllhomeAll
Operating
System
MicrosoftWindows XpAllgoldprofessionalAll
Operating
System
MicrosoftWindows XpAllsp164-bitAll
Operating
System
MicrosoftWindows XpAllsp1homeAll
Operating
System
MicrosoftWindows XpAllAll64-bitAll
Operating
System
MicrosoftWindows XpAllAllhomeAll
Operating
System
MicrosoftWindows XpAllgoldprofessionalAll
Operating
System
MicrosoftWindows XpAllsp164-bitAll
Operating
System
MicrosoftWindows XpAllsp1homeAll
  • cpe:2.3:a:microsoft:.net_windows_server:beta3:*:standard:*:*:*:*:*:
  • cpe:2.3:a:microsoft:.net_windows_server:beta3:*:standard:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp3:*:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp3:*:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*:
© CVE.report 2021 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report