Lucene search

[email protected]CVE-2002-2028

HistoryOct 03, 2022 - 4:23 p.m.

CVE-2002-2028

2022-10-0316:23:50

[email protected]

web.nvd.nist.gov

windows

screensaver

vulnerability

brute force

password guessing

nvd

cve-2002-2028

6.9 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

44.8%

JSON

The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.

Affected configurations

NVD

Node

microsoftwindows_2000

microsoftwindows_2000sp1

microsoftwindows_2000sp2

microsoftwindows_ntMatch4.0enterprise_server

microsoftwindows_ntMatch4.0server

microsoftwindows_ntMatch4.0terminal_server

microsoftwindows_ntMatch4.0workstation

microsoftwindows_ntMatch4.0sp1enterprise_server

microsoftwindows_ntMatch4.0sp1server

microsoftwindows_ntMatch4.0sp1terminal_server

microsoftwindows_ntMatch4.0sp1workstation

microsoftwindows_ntMatch4.0sp2enterprise_server

microsoftwindows_ntMatch4.0sp2server

microsoftwindows_ntMatch4.0sp2terminal_server

microsoftwindows_ntMatch4.0sp2workstation

microsoftwindows_ntMatch4.0sp3enterprise_server

microsoftwindows_ntMatch4.0sp3server

microsoftwindows_ntMatch4.0sp3terminal_server

microsoftwindows_ntMatch4.0sp3workstation

microsoftwindows_ntMatch4.0sp4enterprise_server

microsoftwindows_ntMatch4.0sp4server

microsoftwindows_ntMatch4.0sp4terminal_server

microsoftwindows_ntMatch4.0sp4workstation

microsoftwindows_ntMatch4.0sp5enterprise_server

microsoftwindows_ntMatch4.0sp5server

microsoftwindows_ntMatch4.0sp5terminal_server

microsoftwindows_ntMatch4.0sp5workstation

microsoftwindows_ntMatch4.0sp6aenterprise_server

microsoftwindows_ntMatch4.0sp6aserver

microsoftwindows_ntMatch4.0sp6aworkstation

microsoftwindows_xpgoldprofessional

CPENameOperatorVersion
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_ntmicrosoft windows nteq4.0
microsoft:windows_xpmicrosoft windows xpeq*

CPE	Name	Operator	Version
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_nt	microsoft windows nt	eq	4.0
microsoft:windows_xp	microsoft windows xp	eq	*

References

cert.uni-stuttgart.de/archive/bugtraq/2002/01/msg00278.html

support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq188700

www.heysoft.de/nt/lbh.htm

www.securityfocus.com/bid/3933

6.9 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

44.8%

JSON

Related for CVE-2002-2028

cvelist1 nvd1