(Vendor Issues Update Rollup Fix) Microsoft Windows 2000 Domains With Eight Characters May Let Remote Users With Expired Passwords Login
|
|
SecurityTracker Alert ID: 1014337
|
SecurityTracker URL: http://securitytracker.com/id/1014337
|
|
CVE Reference:
CAN-2004-0540
|
Date: Jun 30 2005
|
Impact:
User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): Windows 2000 Server, Advanced Server, and Professional
|
Description:
A vulnerability was reported in Microsoft Windows 2000. A remote user with an expired password may be able to log in in certain cases.
Microsoft reported that if the fully qualified domain name (FQDN) is exactly eight characters long, then a remote user with a previously valid but now expired password can log in to the Microsoft Windows 2000 domain.
|
Impact:
A remote user may be able to log in to the domain with an expired password.
|
Solution:
Microsoft has issued a hotfix, available from Microsoft Product Support Services (PSS). A fix is also available as part of Update Rollup 1 for Microsoft Windows 2000 Service Pack 4 (SP4). More information on the rollup is available at:
http://support.microsoft.com/kb/891861
The vendor's advisory is available at:
http://www.microsoft.com/technet/security/advisory/891861.mspx
|
Vendor URL: www.microsoft.com/technet/security/advisory/891861.mspx
|
Cause:
Authentication error, State error
|
Underlying OS:
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Thu, 30 Jun 2005 01:21:28 -0400
Subject: http://www.microsoft.com/technet/security/advisory/891861.mspx
|
> Update Rollup 1 for Microsoft Windows 2000 SP4