CVE-2001-1519

2022-10-0316:22:34

mitre

www.cve.org

cve-2001-1519

runas

windows 2000

named pipe

spoofed

vulnerability

cleartext

usernames

passwords

local users

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

JSON

RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it

References

online.securityfocus.com/archive/1/236111

online.securityfocus.com/archive/1/240136

www.iss.net/security_center/static/7532.php

www.securityfocus.com/bid/3185