Vulnerability Description
The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.
CVSS Score
2.1 (LOW)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows NT | 4.0 |
| Microsoft | Windows XP | All versions |
References
- http://cert.uni-stuttgart.de/archive/bugtraq/2002/01/msg00278.html
- http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq188700
- http://www.heysoft.de/nt/lbh.htm (Vendor Advisory)
- http://www.securityfocus.com/bid/3933
FAQ
What is CVE-2002-2028?
CVE-2002-2028 is a vulnerability with a CVSS score of 2.1 (LOW). The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical acces...
How severe is CVE-2002-2028?
CVE-2002-2028 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2002-2028?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows NT, Microsoft Windows XP.