CVE-2001-1570 in Windows
Summary
by MITRE
Windows XP with fast user switching and account lockout enabled allows local users to deny user account access by setting the fast user switch to the same user (self) multiple times, which causes other accounts to be locked out.
Analysis
by VulDB Data Team • 06/16/2024
This vulnerability affects Microsoft Windows XP when Fast User Switching is enabled on a machine that also has an account lockout policy in force. It is a local denial of service against other accounts, not a privilege escalation: the attacker gains no additional rights, only the ability to lock other users out. VulDB files it under CWE-305 (Authentication Bypass by Primary Weakness) and maps it to ATT&CK T1550.003, which it glosses as use of valid accounts, because the attacker needs nothing more than an ordinary local account to trigger the lockouts.
The defect lies in how Windows XP processes a Fast User Switch while several sessions are active. When a user picks Switch User and selects an account, the system creates or resumes a session for that account. If the user repeatedly switches to their own account, the system counts those switches as failed logon attempts against the lockout policy instead of recognising them as session changes. Once the lockout threshold is reached, other accounts on the machine are locked, and their owners are refused when they try to log on normally.
The operational impact goes beyond a single account. A local user can lock out every other account on the machine, which amounts to a denial of service for anyone else who needs it. This matters most in shared workstations and lab environments, where administrators may not notice the lockouts promptly and the affected users have no way of telling which action caused them. Two caveats narrow the exposed population: a standalone Windows XP install ships with an account lockout threshold of 0 (lockout disabled), so the condition arises only where an administrator has turned lockout on locally, and Fast User Switching is not available once the machine is joined to a domain, so domain-joined systems are not affected.
The attack requires only interactive local access to a machine where both features are enabled; no special knowledge or tooling is needed. The root cause is a session-management failure in the Windows XP authentication subsystem: it does not distinguish a legitimate switch between sessions from a failed logon attempt, so a policy designed to slow password guessing is triggered by an ordinary user action. It is also a reminder that security features can interact badly, since the lockout policy was never written with Fast User Switching in mind. Organisations running affected systems should disable Fast User Switching where a lockout policy is required (through the Group Policy setting "Hide entry points for Fast User Switching", or by setting the Winlogon registry value AllowMultipleTSSessions to 0), enable account-management auditing, and watch the Security log for event 644 (User Account Locked Out) and event 539 (logon failure: account locked out). A burst of lockouts of several different accounts, all originating from the same workstation within a few minutes, is the signature this abuse would leave and is unlike the single-account lockout a mistyped password produces.
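As an added example, not code from VulDB or Microsoft, the following Python script shows the monitoring described above in working form: it parses constructed Windows XP-style Security log records for event 644 (User Account Locked Out), which name the locked account and the caller machine, and flags a machine that locks out several distinct accounts within a short window. The pipe-separated record layout, the sample log lines and the machine names are assumptions for the example; a real deployment would feed it records from the Security event log or a log forwarder.

```python
"""Flag bursts of account lockouts originating from one machine.

Added example, not VulDB's or Microsoft's code. The record format below is a
constructed, simplified "timestamp|event id|field: value|..." layout; the field
names follow the description text of Windows XP / 2000 Security event 644.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (assumption: not real log output). XP-LAB01 shows the
# abuse pattern: three different accounts locked out inside one minute. XP-LAB02
# shows benign noise: a bad-password failure (event 529) and one user locking
# out their own account twice.
SAMPLE_LOG = """\
2024-06-16 09:01:12|644|Target Account Name: alice|Caller Machine Name: XP-LAB01
2024-06-16 09:01:40|644|Target Account Name: bob|Caller Machine Name: XP-LAB01
2024-06-16 09:02:05|644|Target Account Name: carol|Caller Machine Name: XP-LAB01
2024-06-16 09:02:30|529|Target Account Name: dave|Workstation Name: XP-LAB02
2024-06-16 11:15:00|644|Target Account Name: erin|Caller Machine Name: XP-LAB02
2024-06-16 11:15:30|644|Target Account Name: erin|Caller Machine Name: XP-LAB02
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\|(?P<eid>\d+)\|(?P<fields>.*)$"
)


def parse_lockouts(log_text):
    """Return (timestamp, account, caller_machine) tuples for event 644 records.

    Records with any other event id are ignored, so unrelated logon failures
    do not contribute to the count.
    """
    lockouts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("eid") != "644":
            continue
        fields = {}
        for part in m.group("fields").split("|"):
            key, _, value = part.partition(":")
            fields[key.strip()] = value.strip()
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        lockouts.append((ts, fields["Target Account Name"], fields["Caller Machine Name"]))
    return lockouts


def find_lockout_bursts(lockouts, window=timedelta(minutes=5), min_accounts=3):
    """Report each caller machine that locks out >= min_accounts distinct
    accounts within `window`, as (machine, time threshold crossed, accounts).

    Distinct accounts are counted, not events: a user repeatedly locking out
    their own account (mistyped password) never trips the rule. One alert is
    raised per machine, at the first moment the threshold is crossed.
    """
    by_machine = defaultdict(list)
    for ts, account, machine in lockouts:
        by_machine[machine].append((ts, account))

    alerts = []
    for machine, events in by_machine.items():
        events.sort()
        for i, (ts, _) in enumerate(events):
            recent = [acct for t, acct in events[: i + 1] if ts - t <= window]
            distinct = sorted(set(recent))
            if len(distinct) >= min_accounts:
                alerts.append((machine, ts, tuple(distinct)))
                break
    return alerts


if __name__ == "__main__":
    for machine, when, accounts in find_lockout_bursts(parse_lockouts(SAMPLE_LOG)):
        print(f"{when} {machine}: {len(accounts)} accounts locked out: {', '.join(accounts)}")
```

With the sample above the rule fires once, for XP-LAB01 at 09:02:05 with alice, bob and carol, and stays silent for XP-LAB02. The window and threshold are parameters because the right values depend on the lockout threshold in force: a machine that locks more accounts in five minutes than a user could plausibly mistype passwords for is the condition worth paging on.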