CVE-2002-0863 — Microsoft NET Windows Server vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

20.2%

top 4.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft NET Windows Server Microsoft Windows NT

Timeline

PublishedOct 11

Latest updateApr 30

Description

Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmicrosoft/windows_nt4.0

▶NVDmicrosoft/net_windows_serverbeta3

🔴Vulnerability Details

GHSA

GHSA-5hh8-598f-9j69: Remote Data Protocol (RDP) version 5↗2022-04-30

▶

CVEList

CVE-2002-0863: Remote Data Protocol (RDP) version 5↗2002-10-01

▶