Vulnerability Name:

CVE-2000-0420 (CCN-4819)

Assigned:2000-05-11
Published:2000-05-11
Updated:2008-09-10
Summary:The default configuration of SYSKEY in Windows 2000 stores the startup key in the registry, which could allow an attacker tor ecover it and use it to decrypt Encrypted File System (EFS) data.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: NTBUGTRAQ
Type: UNKNOWN
20000511 ISS SAVANT Advisory 00/26

Source: MITRE
Type: CNA
CVE-2000-0420

Source: CCN
Type: NTBugTraq Mailing List, Thu May 11 2000 - 05:02:40 CDT
Default configuration of SYSKEY permits compromise of Encrypting File System

Source: CCN
Type: OSVDB ID: 59347
Microsoft Windows SYSKEY Registry EFS Startup Key Disclosure

Source: BID
Type: UNKNOWN
1198

Source: CCN
Type: BID-1198
Microsoft Windows 2000 Default SYSKEY Configuration Vulnerability

Source: XF
Type: UNKNOWN
win2k-syskey-default-configuration(4819)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft windows 2000 *
    microsoft windows 2000 *