CVE-2002-2028

The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.

Published: Dec 31, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-2028
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / windows_nt	4.0-sp5	4.0-sp5.x
microsoft / windows_nt	4.0-sp3	4.0-sp3.x
microsoft / windows_nt	4.0-sp6a	4.0-sp6a.x
microsoft / windows_xp	-	-
microsoft / windows_2000	-	-
microsoft / windows_nt	4.0	4.0.x
microsoft / windows_nt	4.0-sp1	4.0-sp1.x
microsoft / windows_nt	4.0-sp4	4.0-sp4.x
microsoft / windows_nt	4.0-sp2	4.0-sp2.x

http://cert.uni-stuttgart.de/archive/bugtraq/2002/01/msg00278.html
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q188700
http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq188700
http://www.heysoft.de/nt/lbh.htm
http://www.securityfocus.com/bid/3933

Vulnerability Database

289,599

CVE-2002-2028