CVE-2002-2028

Name of the Vulnerable Software and Affected Versions Windows NT versions 4.0 Windows 2000 Windows XP Windows 2002

Description The issue concerns the screensaver on Windows operating systems, which fails to verify if a domain account has been locked when a valid password is provided. This oversight makes it easier for individuals with physical access to the system to perform brute force password guessing attacks.

Recommendations For Windows NT 4.0, consider implementing additional security measures to limit login attempts. For Windows 2000, restrict access to the system when not in use to minimize the risk of exploitation. For Windows XP, limit the number of login attempts to prevent brute force attacks. For Windows 2002, enforce strong password policies and consider using alternative authentication methods.