cbcvebase.
CVE-1999-0755
published 1999-05-27

CVE-1999-0755: Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.

PriorityP426medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
16.19%
96.5th percentile
Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.

Affected

1 ranges
VendorProductVersion rangeFixed in
microsoftwindows_nt

Detection & IOCsextracted from sources · hover to see the quote

registryHKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\RasCredentials!SID#0
registryHKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\RasDialParams!SID#0
  • Credentials (dial-up username, phone number, and password) are cached in the RasDialParams LSA secret even when the user does NOT check 'Save Password'; monitor or audit access to this registry key for unauthorized reads.
  • Exploitation requires Administrator privileges; alert on non-system/non-admin processes querying LSA secrets under HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\.
  • The attack vector is enumeration of LSA secrets (as published by Paul Ashton); detect use of known LSA-secrets dumping tools or code targeting the RasCredentials and RasDialParams secret keys.
  • ·The vulnerability affects Windows NT RRAS and RAS clients across multiple service pack levels (SP1–SP5); patching or disabling RAS credential caching is required on all affected versions.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.