CVE-2002-2028 Information

Description

The screensaver on Windows NT 4.0 2000 XP and 2002 does not verify if a domain account has already been locked when a valid password is provided which makes it easier for users with physical access to conduct brute force password guessing.

Reference

http://cert.uni-stuttgart.de/archive/bugtraq/2002/01/msg00278.html http://support.microsoft.com/default.aspx?scid=kb;EN-US;q188700 http://www.heysoft.de/nt/lbh.htm http://www.securityfocus.com/bid/3933