Lucene search
MitreCVE-2002-2028HistoryJul 14, 2005 - 4:00 a.m.
CVE-2002-2028
2005-07-1404:00:00
mitre
web.nvd.nist.gov
28
windows
screensaver
vulnerability
brute force
password guessing
nvd
cve-2002-2028
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.9
Confidence
Low
EPSS
0.002
Percentile
57.6%
The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.
Affected configurations
Node
microsoftwindows_2000
ORmicrosoftwindows_2000sp1
ORmicrosoftwindows_2000sp2
ORmicrosoftwindows_ntMatch4.0enterprise_server
ORmicrosoftwindows_ntMatch4.0server
ORmicrosoftwindows_ntMatch4.0terminal_server
ORmicrosoftwindows_ntMatch4.0workstation
ORmicrosoftwindows_ntMatch4.0sp1enterprise_server
ORmicrosoftwindows_ntMatch4.0sp1server
ORmicrosoftwindows_ntMatch4.0sp1terminal_server
ORmicrosoftwindows_ntMatch4.0sp1workstation
ORmicrosoftwindows_ntMatch4.0sp2enterprise_server
ORmicrosoftwindows_ntMatch4.0sp2server
ORmicrosoftwindows_ntMatch4.0sp2terminal_server
ORmicrosoftwindows_ntMatch4.0sp2workstation
ORmicrosoftwindows_ntMatch4.0sp3enterprise_server
ORmicrosoftwindows_ntMatch4.0sp3server
ORmicrosoftwindows_ntMatch4.0sp3terminal_server
ORmicrosoftwindows_ntMatch4.0sp3workstation
ORmicrosoftwindows_ntMatch4.0sp4enterprise_server
ORmicrosoftwindows_ntMatch4.0sp4server
ORmicrosoftwindows_ntMatch4.0sp4terminal_server
ORmicrosoftwindows_ntMatch4.0sp4workstation
ORmicrosoftwindows_ntMatch4.0sp5enterprise_server
ORmicrosoftwindows_ntMatch4.0sp5server
ORmicrosoftwindows_ntMatch4.0sp5terminal_server
ORmicrosoftwindows_ntMatch4.0sp5workstation
ORmicrosoftwindows_ntMatch4.0sp6aenterprise_server
ORmicrosoftwindows_ntMatch4.0sp6aserver
ORmicrosoftwindows_ntMatch4.0sp6aworkstation
ORmicrosoftwindows_xpgoldprofessional
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | windows_2000 | * | cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:* |
| microsoft | windows_2000 | * | cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:* |
| microsoft | windows_2000 | * | cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:* |
| microsoft | windows_nt | 4.0 | cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:* |
| microsoft | windows_nt | 4.0 | cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:* |
| microsoft | windows_nt | 4.0 | cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:* |
| microsoft | windows_nt | 4.0 | cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:* |
| microsoft | windows_nt | 4.0 | cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:* |
| microsoft | windows_nt | 4.0 | cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:* |
| microsoft | windows_nt | 4.0 | cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:* |
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.9
Confidence
Low
EPSS
0.002
Percentile
57.6%
Related for CVE-2002-2028