CVE-2002-0863

high

Description

Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A199

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-051

http://www.securityfocus.com/bid/5712

http://www.securityfocus.com/bid/5711

http://www.kb.cert.org/vuls/id/865833

http://www.iss.net/security_center/static/10122.php

http://www.iss.net/security_center/static/10121.php

http://marc.info/?l=bugtraq&m=103236181522253&w=2

http://marc.info/?l=bugtraq&m=103235960119404&w=2

Details

Source: Mitre, NVD

Published: 2002-10-11

Updated: 2019-04-30

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High