Developer’s Description
A flaw in the way that NTLM authentication operates in Windows 2000 could allow a domain account lockout policy to be bypassed on a local Windows 2000 machine, even if the domain administrator had set such a policy. The ability of a malicious user to avoid the domain account lockout policy could increase the threat from a brute force password-guessing attack.
This vulnerability only affects Windows 2000 machines that are members of non-Windows 2000 domains. In addition, the vulnerability only affects domain user accounts that have previously logged into the target machine and already have cached credentials established on that machine. If a domain account lockout policy is in place and an attacker attempts a brute force password-guessing attack, the domain user account will be locked out as expected at the domain controller. However, if the attacker is able to find the correct password, the local Windows 2000 machine will log the attacker on using cached credentials in violation of the account lockout policy. Although the attacker would be able to log on to the local machine, he or she would not be able to authenticate to the domain or gain access to resources on other machines in the domain.