CVE-2001-1302

Name of the Vulnerable Software and Affected Versions: Windows 2000

Description: The issue concerns the change password option in the Windows Security interface, which allows attackers to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages. This is possibly due to a problem in the NetuserChangePassword function.

Recommendations: For Windows 2000, at the moment, there is no information about a newer version that contains a fix for this vulnerability.