CVE-2001-1571

The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2001-12/0213.html
http://www.iss.net/security_center/static/7732.php
http://www.securityfocus.com/bid/3720
http://archives.neohapsis.com/archives/bugtraq/2001-12/0213.html
http://www.iss.net/security_center/static/7732.php
http://www.securityfocus.com/bid/3720

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_xp:::home:::::*
	cpe:2.3:o:microsoft:windows_xp::gold:professional:::::

History

20 Nov 2024, 23:38

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/bugtraq/2001-12/0213.html -~~	() http://archives.neohapsis.com/archives/bugtraq/2001-12/0213.html -
References	~~() http://www.iss.net/security_center/static/7732.php -~~	() http://www.iss.net/security_center/static/7732.php -
References	~~() http://www.securityfocus.com/bid/3720 -~~	() http://www.securityfocus.com/bid/3720 -

Information

Published : 2001-12-31 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2001-1571

Mitre link : CVE-2001-1571

CVE.ORG link : CVE-2001-1571

JSON object : View

Products Affected

microsoft

windows_xp

CWE

NVD-CWE-Other

{"id": "CVE-2001-1571", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2001-12-31T05:00:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0213.html", "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/7732.php", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/3720", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0213.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.iss.net/security_center/static/7732.php", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/3720", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

5.0 /10