CVE-2002-0421 — Microsoft Windows NT vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

23.7%

top 3.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows NT

Timeline

PublishedAug 12

Latest updateApr 30

Description

IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/windows_nt4.0

Patches

Patch: www.iss.net ↗Patch: www.securityfocus.com ↗Patch: www.iss.net ↗

🔴Vulnerability Details

GHSA

GHSA-4whv-v2mh-gv8p: IIS 4↗2022-04-30

▶

CVEList

CVE-2002-0421: IIS 4↗2002-06-11

▶

🔍Detection Rules

Suricata

GPL EXPLOIT /iisadmpwd/aexp2.htr access↗2010-09-23

▶