CVE-2002-0421

2002-08-12T04:00:00
ID CVE-2002-0421
Type cve
Reporter cve@mitre.org
Modified 2008-09-05T20:27:00

Description

IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr.