VDB
CVE-2002-0863
CVE-2002-0863
PUBLISHED
CVSS 5 MEDIUM
Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
EPSS 15.94% · 94.9th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
15.94%
94.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| microsoft | .net_windows_server | beta3 |
| microsoft | windows_nt | 4.0, 4.0, 4.0 |
| microsoft | windows_2000_terminal_services | |
| microsoft | windows_xp | |
| microsoft | windows_2000 |
Timeline
- Oct 1, 2002 CVE Published
- Feb 4, 2022 EPSS Score
- Apr 30, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Jul 30, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
References
- 5711 vdb
- MS02-051 vendor-advisory
- win-rdp-keystroke-monitoring(10122) vdb
- VU#865833 third-party-advisory
- 20020916 Microsoft Windows Remote Desktop Protocol checksum and keystroke vulnerabilities mailing-list
- 5712 vdb
- 20020918 Microsoft Windows Terminal Services vulnerabilities mailing-list
- win-rdp-checksum-leak(10121) vdb
- oval:org.mitre.oval:def:199 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2002-0863 advisory