MS01-011 / MS01-036: LDAP over SSL Arbitrary User Password Modification (287397 / 299687)
Critical Nessus Plugin ID 10619
Synopsis
A bug in Windows 2000 may allow an attacker to change the password of a third-party user.
Description
The remote version of Windows 2000 contains a bug in its LDAP implementation that fails to validate the permissions of a user requesting to change the password of a third-party user.
An attacker may exploit this vulnerability to gain unauthorized access to the remote host.
Solution
Microsoft has released a set of patches for Windows 2000.