CVE-2001-0502

Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users.

Date published : 2002-03-09

http://www.securityfocus.com/bid/2929

http://www.ciac.org/ciac/bulletins/l-101.shtml