Windows 2000 Security Patch: LDAP over SSL Function Enables Password Change Vulnerability
Brief Description
This patch eliminates a vulnerability affecting Windows 2000 servers that provide LDAP services over SSL.
On This Page
Quick Details
| File Name: | Q299687_W2K_SP3_x86_en.EXE |
| Version: | Q299687 |
| Knowledge Base (KB) Articles: | KB299687 |
| Date Published: | 6/25/2001 |
| Language: | English |
| Download Size: | 2.6 MB |
| Estimated Download Time: | 7 min 56K |
|
| Change Language: | |
Overview
This patch eliminates a vulnerability affecting Windows 2000 servers that provide LDAP services over SSL. A function that allows user to change data attributes of directory principals doesn't correctly check the credentials of the requester, in the specific case where the directory principal is a user and the data attribute is the password. This could enable an attacker to change another user's logon password without proper authorization. 
Top of page
System Requirements
- Supported Operating Systems: Windows 2000
Windows 2000 Server
Windows 2000 Advanced Server Top of page
Instructions
Select "Run this Program from its Current Location" to start the install immediately. OR
Select "Save this Program to Disk" to copy the download to your machine for installation at a later time.
Top of page
Top of page
