First published: Thu Jun 01 2000(Updated: )
The Protected Store in Windows 2000 does not properly select the strongest encryption when available, which causes it to use a default of 40-bit encryption instead of 56-bit DES encryption, aka the "Protected Store Key Length" vulnerability.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Windows 2000 | ||
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2000-0487 has a moderate severity rating due to the use of weaker encryption.
To fix CVE-2000-0487, ensure that the Windows 2000 system is updated with appropriate security patches from Microsoft.
The consequences of CVE-2000-0487 include potential exposure of sensitive data due to insufficient encryption strength.
CVE-2000-0487 affects all versions of Microsoft Windows 2000.
It is not safe to use applications relying on the Protected Store in Windows 2000 without addressing CVE-2000-0487 due to weak encryption.