What is the severity of CVE-2002-2028?

CVE-2002-2028 is considered a high severity vulnerability due to the ease of physical access exploitation.

How do I fix CVE-2002-2028?

To fix CVE-2002-2028, ensure that screensavers are configured to require a password and limit physical access to workstations.

What systems are affected by CVE-2002-2028?

CVE-2002-2028 affects Windows NT 4.0, Windows 2000, Windows XP, and their various service pack versions.

What type of attack can CVE-2002-2028 facilitate?

CVE-2002-2028 can facilitate brute force password guessing attacks when a user has physical access to the device.

Is CVE-2002-2028 still relevant today?

While CVE-2002-2028 primarily affects older operating systems, understanding its implications is important for legacy system management.

Vulnerability/
CVE-2002-2028

low

2.1

CWE

NVD-CWE-Other

31/12/2002

3/10/2022

8/8/2024

CVE-2002-2028

First published: Tue Dec 31 2002(Updated: )

The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Microsoft Windows NT	=4.0-sp5
Microsoft Windows NT	=4.0-sp3
Microsoft Windows NT	=4.0-sp6a
Microsoft Windows XP	=gold
Microsoft Windows 2000
Microsoft Windows NT	=4.0
Microsoft Windows NT	=4.0-sp1
Microsoft Windows NT	=4.0-sp3
Microsoft Windows NT	=4.0-sp4
Microsoft Windows NT	=4.0-sp5
Microsoft Windows 2000	=sp2
Microsoft Windows NT	=4.0
Microsoft Windows NT	=4.0-sp4
Microsoft Windows NT	=4.0-sp2
Microsoft Windows NT	=4.0-sp6a
Microsoft Windows NT	=4.0
Microsoft Windows NT	=4.0-sp4
Microsoft Windows NT	=4.0-sp2
Microsoft Windows NT	=4.0-sp1
Microsoft Windows 2000	=sp1
Microsoft Windows NT	=4.0-sp4
Microsoft Windows NT	=4.0-sp3
Microsoft Windows NT	=4.0-sp1
Microsoft Windows NT	=4.0-sp2
Microsoft Windows NT	=4.0-sp5
Microsoft Windows NT	=4.0-sp1
Microsoft Windows NT	=4.0
Microsoft Windows NT	=4.0-sp6a
Microsoft Windows NT	=4.0-sp3
Microsoft Windows NT	=4.0-sp5
Microsoft Windows NT	=4.0-sp2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2002-2028?
CVE-2002-2028 is considered a high severity vulnerability due to the ease of physical access exploitation.
How do I fix CVE-2002-2028?
To fix CVE-2002-2028, ensure that screensavers are configured to require a password and limit physical access to workstations.
What systems are affected by CVE-2002-2028?
CVE-2002-2028 affects Windows NT 4.0, Windows 2000, Windows XP, and their various service pack versions.
What type of attack can CVE-2002-2028 facilitate?
CVE-2002-2028 can facilitate brute force password guessing attacks when a user has physical access to the device.
Is CVE-2002-2028 still relevant today?
While CVE-2002-2028 primarily affects older operating systems, understanding its implications is important for legacy system management.

collector/nvd-historical
collector/nvd-index
collector/nvd-api
agent/author
agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/references
agent/last-modified-date
agent/description
agent/event
agent/tags
agent/source
vendor/microsoft
canonical/microsoft windows nt
version/microsoft windows nt/4.0-sp5
version/microsoft windows nt/4.0-sp3
version/microsoft windows nt/4.0-sp6a
canonical/microsoft windows xp
version/microsoft windows xp/gold
canonical/microsoft windows 2000
version/microsoft windows nt/4.0
version/microsoft windows nt/4.0-sp1
version/microsoft windows nt/4.0-sp4
version/microsoft windows 2000/sp2
version/microsoft windows nt/4.0-sp2
version/microsoft windows 2000/sp1