Directory Service Restore Mode Password Vulnerability in Microsoft 2000 Domain Controllers

Directory Service Restore Mode Password Vulnerability in Microsoft 2000 Domain Controllers

CVE-2001-0048 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.

Learn more about our Cis Benchmark Audit For Server Software.