Lucene search

[email protected]CVE-2001-0502

HistoryMar 09, 2002 - 5:00 a.m.

CVE-2001-0502

2002-03-0905:00:00

[email protected]

web.nvd.nist.gov

cve-2001-0502

windows 2000

ldap server

ssl

user permissions

local users

password modification.

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users.

Affected configurations

NVD

Node

microsoftwindows_2000

CPENameOperatorVersion
microsoft:windows_2000microsoft windows 2000eq*

CPE	Name	Operator	Version
microsoft:windows_2000	microsoft windows 2000	eq	*

References

www.ciac.org/ciac/bulletins/l-101.shtml

www.securityfocus.com/bid/2929

docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-036

exchange.xforce.ibmcloud.com/vulnerabilities/6745

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2001-0502

nessus1 cvelist1 nvd1