Vulnerability Description
Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | .Net Windows Server | beta3 |
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows 2000 Terminal Services | All versions |
| Microsoft | Windows Nt | 4.0 |
| Microsoft | Windows Xp | All versions |
References
- http://marc.info/?l=bugtraq&m=103235960119404&w=2
- http://marc.info/?l=bugtraq&m=103236181522253&w=2
- http://www.iss.net/security_center/static/10121.phpVendor Advisory
- http://www.iss.net/security_center/static/10122.php
- http://www.kb.cert.org/vuls/id/865833US Government Resource
- http://www.securityfocus.com/bid/5711
- http://www.securityfocus.com/bid/5712
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-05
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://marc.info/?l=bugtraq&m=103235960119404&w=2
- http://marc.info/?l=bugtraq&m=103236181522253&w=2
- http://www.iss.net/security_center/static/10121.phpVendor Advisory
- http://www.iss.net/security_center/static/10122.php
- http://www.kb.cert.org/vuls/id/865833US Government Resource
- http://www.securityfocus.com/bid/5711
FAQ
What is CVE-2002-0863?
CVE-2002-0863 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine th...
How severe is CVE-2002-0863?
CVE-2002-0863 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0863?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft .Net Windows Server, Microsoft Windows 2000, Microsoft Windows 2000 Terminal Services, Microsoft Windows Nt, Microsoft Windows Xp.