Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1302


Vulnerability Score 2.1 2.1
CVE Id CVE-2001-1302
Last Modified 05 Sep 2008 04:26:12
Published 18 Jul 2001 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE



The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a problem in the NetuserChangePassword function.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000


XF - win2k-change-network-passwords(6876)

BID - 3063

NTBUGTRAQ - 20010718 Changing NT/2000 accounts password from the command line

Last Updated: 27 May 2016 10:36:36