Vulnerabilities > CVE-2001-1302 - Unspecified vulnerability in Microsoft Windows 2000

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

microsoft

NVD

Published: 2001-07-18

Updated: 2019-04-30

Summary

The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a problem in the NetuserChangePassword function.

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows 2000 *	3

References

http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=1911
http://www.securityfocus.com/bid/3063
https://exchange.xforce.ibmcloud.com/vulnerabilities/6876