Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0421


Vulnerability Score 5.0 5.0
CVE Id CVE-2002-0421
Last Modified 05 Sep 2008 04:27:58
Published 12 Aug 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr.

Vulnerable Systems

Operating System

  • Microsoft Windows Nt 4.0


BID - 4236

XF - winnt-pw-policy-bypass(8388)

BUGTRAQ - 20020306 NT user (who is locked changing his/her password by administrator ) can bypass the security policy and Change the password.

Last Updated: 27 May 2016 10:36:54