CVE-1999-0755
published 1999-05-27CVE-1999-0755: Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.
PriorityP426medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
16.19%
96.5th percentile
Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_nt | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Credentials (dial-up username, phone number, and password) are cached in the RasDialParams LSA secret even when the user does NOT check 'Save Password'; monitor or audit access to this registry key for unauthorized reads. ↗
- →Exploitation requires Administrator privileges; alert on non-system/non-admin processes querying LSA secrets under HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\. ↗
- →The attack vector is enumeration of LSA secrets (as published by Paul Ashton); detect use of known LSA-secrets dumping tools or code targeting the RasCredentials and RasDialParams secret keys. ↗
- ·The vulnerability affects Windows NT RRAS and RAS clients across multiple service pack levels (SP1–SP5); patching or disabling RAS credential caching is required on all affected versions. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Microsoft Windows NT 4.0 RRAS/RAS Client credentials management (MS99-017 / EDB-19196)
vuldb·2026-04-19·CVSS 5.0
CVE-1999-0755 [MEDIUM] Microsoft Windows NT 4.0 RRAS/RAS Client credentials management (MS99-017 / EDB-19196)
A vulnerability labeled as critical has been found in Microsoft Windows NT 4.0. Impacted is an unknown function of the component RRAS/RAS Client. Executing a manipulation can lead to credentials management.
This vulnerability appears as CVE-1999-0755. The attack may be performed from remote. In addition, an exploit is available.
It is advisable to implement a patch to correct this issue.
GHSA
GHSA-g6q4-7rrm-ppv6: Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option
ghsa_unreviewed·2022-04-30
CVE-1999-0755 [MEDIUM] GHSA-g6q4-7rrm-ppv6: Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option
Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.
Suricata
GPL FTP SITE overflow attempt
suricata·2010-09-23
CVE-1999-0838 GPL FTP SITE overflow attempt
GPL FTP SITE overflow attempt
Rule: alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL FTP SITE overflow attempt"; flow:established,to_server; content:"SITE"; nocase; isdataat:100,relative; pcre:"/^SITE\s[^\n]{100}/smi"; reference:cve,1999-0838; reference:cve,2001-0755; reference:cve,2001-0770; classtype:attempted-admin; sid:2101529; rev:13; metadata:created_at 2010_09_23, cve CVE_1999_0838, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
No writeups or analysis indexed.
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ230681https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-017http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ230681https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-017
1999-05-27
Published