NT Versions Affected:

3.5, 3.51, 4.0

Problem:

Systems can be accessed by password dictionary attacks.

The NT administrator account does not have the account lockout feature that other user accounts do. If administrator is allowed to logon from the network, a share or service can be attacked with password guessing without fear of account lockout. This attack can go unnoticed as failed logins are not logged in the event viewer by default.

Verification: