Vulnerability Description
RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
References
- http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0041.htmlPatchVendor Advisory
- http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00100.html
- http://www.iss.net/security_center/static/7531.phpPatch
- http://www.securityfocus.com/bid/3184
- http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0041.htmlPatchVendor Advisory
- http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00100.html
- http://www.iss.net/security_center/static/7531.phpPatch
- http://www.securityfocus.com/bid/3184
FAQ
What is CVE-2001-1517?
CVE-2001-1517 is a vulnerability with a CVSS score of 2.1 (LOW). RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same...
How severe is CVE-2001-1517?
CVE-2001-1517 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1517?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000.