Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.
| Software | From | Fixed in |
|---|---|---|
| microsoft / windows_nt | 4.0 | 4.0.x |
| microsoft / windows_nt | 4.0-sp1 | 4.0-sp1.x |
| microsoft / windows_nt | 4.0-sp2 | 4.0-sp2.x |
| microsoft / windows_nt | 4.0-sp3 | 4.0-sp3.x |
| microsoft / windows_nt | 4.0-sp4 | 4.0-sp4.x |
| microsoft / windows_nt | 4.0-sp5 | 4.0-sp5.x |
| microsoft / windows_nt | 4.0-sp6 | 4.0-sp6.x |