CVE-2002-2028 — Improper Control of Interaction Frequency in Microsoft Windows NT

3 documents3 sources

Severity

2.1LOWNVD

EPSS

0.8%

top 26.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows NT

Timeline

PublishedDec 31

Latest updateApr 30

Description

The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/windows_nt4.0

🔴Vulnerability Details

GHSA

GHSA-4xg4-rgg3-px2c: The screensaver on Windows NT 4↗2022-04-30

▶

CVEList

CVE-2002-2028: The screensaver on Windows NT 4↗2005-07-14

▶