[原文]** DISPUTED ** RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information.
The fix for this vulnerability will reportedly be included in Service Pack 3. Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org .
Microsoft Windows 2000 runas.exe Cleartext Authentication Information Disclosure
Local Access Required
Loss of Confidentiality
Microsoft Windows 2000 has been reported to contain a flaw that may lead to information disclosure by using the RUN AS service. Memory used by the runas.exe program is not cleared after use, and might be assigned to another program. An attacker with local privileges can reportedly gain access to this memory, potentially gaining sensitive information. However, the vendor notes that to gain access to this program and memory, one would need administrator privileges making this a non-issue.
The vulnerability reported is incorrect. No solution required.