CVE-2001-1517

Опубликовано: 31 дек. 2001

Источник: nvd

CVSS2: 2.1

EPSS Низкий

Описание

RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.03047

Низкий

2.1 Low

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-6w2r-x6qc-ch2w

github

больше 3 лет назад

** DISPUTED ** RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information.