Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0421

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-0421
Last Modified 05 Sep 2008 04:27:58
Published 12 Aug 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0421

Summary

IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr.

Vulnerable Systems

Operating System

  • Microsoft Windows Nt 4.0


References

BID - 4236

XF - winnt-pw-policy-bypass(8388)

BUGTRAQ - 20020306 NT user (who is locked changing his/her password by administrator ) can bypass the security policy and Change the password.


Last Updated: 27 May 2016 10:36:54