CVE-2001-1517

Name of the Vulnerable Software and Affected Versions Windows 2000

Description The issue concerns the storage of cleartext authentication information in memory by RunAs (runas.exe) in Windows 2000. This could potentially allow attackers to obtain usernames and passwords by executing a process allocated the same memory page after a RunAs command terminates. It is noted that the vendor disputes this issue, stating that administrative privileges are already required to exploit it.

Recommendations For Windows 2000, consider restricting access to the runas.exe command to minimize the risk of exploitation, as administrative privileges are required to exploit this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.