Vulnerability Description
Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
References
- http://www.ciac.org/ciac/bulletins/l-101.shtml
- http://www.securityfocus.com/bid/2929
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-03
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6745
- http://www.ciac.org/ciac/bulletins/l-101.shtml
- http://www.securityfocus.com/bid/2929
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-03
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6745
FAQ
What is CVE-2001-0502?
CVE-2001-0502 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain passw...
How severe is CVE-2001-0502?
CVE-2001-0502 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0502?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000.