Unrated severityNVD Advisory· Published Jul 18, 2001· Updated Apr 16, 2026

CVE-2001-1302

Description

The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a problem in the NetuserChangePassword function.

Affected products

Microsoft/Windows 20003 versions
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/3063nvdVendor Advisory
www.ntbugtraq.com/default.aspnvd
exchange.xforce.ibmcloud.com/vulnerabilities/6876nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000