Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1302

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2001-1302
Last Modified 05 Sep 2008 04:26:12
Published 18 Jul 2001 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-1302

Summary

The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a problem in the NetuserChangePassword function.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000


References

XF - win2k-change-network-passwords(6876)

BID - 3063

NTBUGTRAQ - 20010718 Changing NT/2000 accounts password from the command line


Last Updated: 27 May 2016 10:36:36