CVE-1999-0755

Windows NT and Windows 2000 - Unintended Password Caching in RRAS and RAS Clients

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0755. PoCs published by Martin Dolphin.

AI-analyzed exploit summary This is a technical writeup describing a vulnerability in Windows NT where RAS credentials are stored in the registry, allowing enumeration via LSA secrets code. It details the registry keys involved and references prior vulnerabilities.

Description

Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Martin Dolphin · textlocalwindows

https://www.exploit-db.com/exploits/19196

View Code ZIP pw:eip

This is a technical writeup describing a vulnerability in Windows NT where RAS credentials are stored in the registry, allowing enumeration via LSA secrets code. It details the registry keys involved and references prior vulnerabilities.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Windows NT (RAS/RRAS)

Auth required

Prerequisites: Administrator privileges · Access to the target system

MITRE ATT&CK

T1003 - OS Credential Dumping

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory x_refsource_mskb

http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ230681

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-017

Scores

EPSS 0.1662

EPSS Percentile 96.6%

Details

CWE

CWE-255

Status published

Products (3)

microsoft/windows_2000

microsoft/windows_nt

microsoft/windows_nt 4.0 sp1 (5 CPE variants)

Published May 27, 1999

Tracked Since Feb 18, 2026