Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Microsoft Windows 2000 Domains With Eight Characters May Let Remote Users With Expired Passwords Login
|
|
SecurityTracker Alert ID: 1010352
|
|
SecurityTracker URL: http://securitytracker.com/id?1010352
|
|
CVE Reference: CAN-2004-0540
(Links to External Site)
|
Updated: Jun 8 2004
|
Original Entry Date: Jun 1 2004
|
Impact: User access via network
|
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
|
Version(s): Windows 2000 Server, Advanced Server, and Professional
|
Description: A vulnerability was reported in Microsoft Windows 2000. A remote user with an expired password may be able to login in certain cases.
Microsoft reported that if the fully qualified domain name (FQDN) is exactly eight characters long, then a remote user with a previously valid but now expired password can login to the Microsoft Windows 2000 domain.
|
Impact: A remote user may be able to login to the domain with an expired password.
|
Solution: Microsoft has issued a hotfix, available from Microsoft Product Support Services (PSS). PSS contact information is available at:
http://support.microsoft.com/default.a
spx?scid=fh;[LN];CNTACTMS
The vendor indicates that no prerequisites are required and that you must restart your computer after
applying this hotfix.
The vendor has released the following article regarding the vulnerability:
http://support.microsoft.com/default.aspx?scid=kb;en-us;830847
|
Vendor URL: support.microsoft.com/default.aspx?scid=kb;en-us;830847 (Links to External Site)
|
Cause: Authentication error, State error
|
Underlying OS: Windows (2000)
|
Reported By: <albatross@tim.it>
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: 31 May 2004 10:18:47 -0000
From: <albatross@tim.it>
Subject: Users who have expired passwords can still log on to the domain
|
SYMPTOMS
Users who have expired passwords can unexpectedly log on to the Microsoft Windows 2000 domain.
CAUSE
This issue occurs if the fully qualified domain name (FQDN) is exactly eight characters long.
RESOLUTION
Hotfix information
A supported hotfix is now available from Microsoft, but it is only intended to correct the problem th
at is described in this article.
Only apply it to systems that are experiencing this specific problem. This hotfix may receive additi
onal testing. Therefore, if you
are not severely affected by this problem, Microsoft recommends that you wait for the next Microsoft
Windows 2000 service pack that
contains this hotfix.
To resolve this problem immediately, contact Microsoft Product Support Services to obtain the hotfix.
For a complete list of Microsoft
Product Support Services phone numbers and information about support costs, visit the following Micr
osoft Web site:
http://support.microsoft.com/default.aspx?scid=fh;[LN];CNTACTMS
Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Mi
crosoft Support Professional
determines that a specific update will resolve your problem. The usual support costs will apply to a
dditional support questions and
issues that do not qualify for the specific update in question.
Prerequisites
No prerequisites are required.
Restart requirement
You must restart your computer after you apply this hotfix.
Hotfix replacement information
This hotfix does not replace any other hotfixes.
File information
The English version of this hotfix has the file attributes (or later) that are listed in the followin
g table. The dates and times
for these files are listed in coordinated universal time (UTC). When you view the file information,
it is converted to local time.
To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool i
n Control Panel. Date
Time Version Size File name
-----------------------------------------------------------
14-Nov-2003 23:57 5.0.2195.6824 124,688 Adsldp.dll
14-Nov-2003 23:57 5.0.2195.6824 132,368 Adsldpc.dll
14-Nov-2003 23:57 5.0.2195.6824 63,760 Adsmsext.dll
14-Nov-2003 23:57 5.0.2195.6824 381,712 Advapi32.dll
14-Nov-2003 23:57 5.0.2195.6866 69,904 Browser.dll
14-Nov-2003 23:57 5.0.2195.6824 136,464 Dnsapi.dll
14-Nov-2003 23:57 5.0.2195.6824 96,016 Dnsrslvr.dll
14-Nov-2003 23:57 5.0.2195.6866 47,376 Eventlog.dll
14-Nov-2003 23:57 5.0.2195.6871 148,240 Kdcsvc.dll
05-Nov-2003 19:32 5.0.2195.6871 205,584 Kerberos.dll
21-Sep-2003 00:32 5.0.2195.6824 71,888 Ksecdd.sys
29-Oct-2003 06:45 5.0.2195.6869 511,248 Lsasrv.dll
29-Oct-2003 06:45 5.0.2195.6869 33,552 Lsass.exe
17-Oct-2003 00:33 5.0.2195.6866 114,960 Msv1_0.dll
14-Nov-2003 23:57 5.0.2195.6866 307,984 Netapi32.dll
14-Nov-2003 23:57 5.0.2195.6863 361,232 Netlogon.dll
14-Nov-2003 23:57 5.0.2195.6874 931,600 Ntdsa.dll
14-Nov-2003 23:57 5.0.2195.6824 392,464 Samsrv.dll
14-Nov-2003 23:57 5.0.2195.6824 113,936 Scecli.dll
14-Nov-2003 23:57 5.0.2195.6824 259,856 Scesrv.dll
14-Nov-2003 23:57 5.0.2195.6824 48,912 W32time.dll
21-Sep-2003 00:32 5.0.2195.6824 57,104 W32tm.exe
14-Nov-2003 23:57 5.0.2195.6869 126,224 Wldap32.dll
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "
Applies to" section.
MORE INFORMATION
For additional information about how hotfix packages are named, click the following article number to
view the article in the Microsoft
Knowledge Base:
816915 New file naming schema for Microsoft Windows software update packages
For additional information, click the following article number to view the article in the Microsoft K
nowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
The information in this article applies to:
Microsoft Windows 2000 Advanced Server
|
|
Go to the Top of This SecurityTracker Archive Page
|
