Microsoft Windows 2000 allows an attacker to bypass password policy

win2k-password-bypass-policy (8402). The risk level is classified as Medium Risk.


Microsoft Windows 2000 could allow a local attacker to bypass password security policies. Windows 2000 allows network administrators to implement security policies that require users to change expired passwords and that prevent users from reusing any previous passwords. A local attacker can bypass the reuse restriction by changing the current password before it expires, because a change made before expiry does not enable the check for previous passwords.


Bypass Security


No remedy available as of September 1, 2014.


  • BugTraq Mailing List, Thu Mar 07 2002 - 01:40:51 CST: Windows 2000 password policy bypass possibility.
  • BID-4256: Microsoft Windows 2000 Password Policy Bypass Vulnerability
  • CVE-2002-0443: Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
  • OSVDB ID: 13424: Microsoft Windows 2000 Current Password Change Policy Bypass

Platforms Affected:

  • Microsoft Windows 2000


Mar 07, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions, please email xforce@us.ibm.com
