Weak Encryption Vulnerability in Microsoft Windows Remote Desktop Protocol
CVE-2002-0863

Currently unrated

Key Information:

Vendor: Microsoft
Status: .net Windows Server
Vendor: CVE Published:; 11 October 2002

What is CVE-2002-0863?

The Remote Data Protocol (RDP) versions integrated into Microsoft Windows 2000 and Windows XP expose a significant vulnerability by failing to encrypt the checksums of plaintext session data. This flaw allows malicious actors to potentially determine the contents of encrypted sessions by performing network sniffing. This weakness can compromise the confidentiality of sensitive information transmitted during remote desktop sessions, enabling attackers to gain unauthorized access to user data.

References

http://www.securityfocus.com/bid/5711

vdb-entryx_refsource_BID

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.iss.net/security_center/static/10122.php

vdb-entryx_refsource_XF

EPSS Score

9% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2002
Vulnerability Reserved
Aug 15, 2002