CVE DATABASE / CVE-2001-1517
CVE-2001-1517
CVSS 2.1 · LOW
Summary
RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information
CVSS 2.0 breakdown
| Base score | 2.1 (LOW) |
| Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Confidentiality | PARTIAL |
| Integrity | NONE |
| Availability | NONE |
Affected products
Microsoft windows 2000
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0041.html
- http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00100.html
- http://www.iss.net/security_center/static/7531.php
- http://www.securityfocus.com/bid/3184
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.