CVE-2000-1200

Medium

5/10

Summary

Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: NONE
Confidentiality Impact: PARTIAL
Availability Impact: NONE

References

Advisory Timeline

Published Aug 31, 2001

CVE-2000-1200

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS