VULHUB ™

Microsoft Windows 2000 contains a flaw in the handling of telnet domain authentication. A user attempting to authenticate using a valid login name appended with specially chosen characters, will not be required to specify the domain which the account belongs. The telnet service will instead search the domain and all trusted domains for the user account. Once the account is located, the user will have to complete the authentication process. At this point brute force attacks can be used in an attempt to gain access to the domain.

Microsoft Windows 2000 contains a flaw in the handling of telnet domain authentication. A user attempting to authenticate using a valid login name appended with specially chosen characters, will not be required to specify the domain which the account belongs. The telnet service will instead search the domain and all trusted domains for the user account. Once the account is located, the user will have to complete the authentication process. At this point brute force attacks can be used in an attempt to gain access to the domain.