CVE Catalog

CVE-2000-0487

Low
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

High risk
2.48%

82th percentile — higher than 82% of all known CVEs

Summary

The Protected Store in Windows 2000 does not properly select the strongest encryption, resulting in the use of a default 40-bit encryption instead of 56-bit DES.

Risk Assessment

The organization may be at risk of data security issues, as the weaker encryption can be more easily compromised by attackers.

Recommendation

It is recommended to upgrade Windows 2000 to a newer version that improves the encryption mechanisms in the Protected Store.

Original NVD description (English source)

The Protected Store in Windows 2000 does not properly select the strongest encryption when available, which causes it to use a default of 40-bit encryption instead of 56-bit DES encryption, aka the "Protected Store Key Length" vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS