PT-2001-2604 · Microsoft · Windows 2000

Published: 2001-12-31 · Updated: 2024-08-08 · CVE-2001-1519

CVSS v2.0: 3.6 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Windows 2000

Description: The issue allows local users to create a spoofed named pipe when the RunAs service is stopped, then capture cleartext usernames and passwords when clients connect to the service. The vendor disputes this issue, saying that administrative privileges are already required to exploit it.

Recommendations: For Windows 2000, consider restricting access to the RunAs service to minimize the risk of exploitation. As a temporary workaround, consider disabling the RunAs service until a resolution is available.

Related Identifiers

CVE-2001-1519

Affected Products

Windows 2000