CVE-2002-2028

2005-07-1404:00:00

mitre

www.cve.org

screensaver

authentication

vulnerability

windows nt 4.0

windows 2000

windows xp

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

57.6%

JSON

The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.

References

cert.uni-stuttgart.de/archive/bugtraq/2002/01/msg00278.html

support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq188700

www.heysoft.de/nt/lbh.htm

www.securityfocus.com/bid/3933