CVE-2001-0502

Name of the Vulnerable Software and Affected Versions: Windows 2000 (affected versions not specified)

Description: The issue concerns a function in Windows 2000 LDAP Server that does not properly check user request permissions when the directory principal is a domain user and the data attribute is the domain password. This allows local users to modify the login password of other users.

Recommendations: For Windows 2000, consider restricting access to the LDAP server to minimize the risk of exploitation. As a temporary workaround, limit the ability of local users to modify domain user passwords until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.