CVE-2000-1217

high

Description

Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/5585

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-089

http://www.securityfocus.com/bid/1973

http://www.kb.cert.org/vuls/id/818496

Details

Source: Mitre, NVD

Published: 2000-11-21

Updated: 2019-04-30

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High