Lucene search
HistoryJul 12, 2000 - 4:00 a.m.
CVE-2000-0402
microsoft
sql server 7.0
vulnerability
plaintext password
log file
service pack password
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
7 High
AI Score
Confidence
Low
0.732 High
EPSS
Percentile
98.1%
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the “SQL Server 7.0 Service Pack Password” vulnerability.
Affected configurations
Node
microsoftsql_serverMatch7.0
ORmicrosoftsql_serverMatch7.0sp1
ORmicrosoftsql_serverMatch7.0sp2
| CPE | Name | Operator | Version |
|---|---|---|---|
| microsoft:sql_server | microsoft sql server | eq | 7.0 |
Related
nessus
nessus
MS00-035: MS SQL7.0 Service Pack may leave passwords on system (263968)
2003-03-09 00:00:00
packetstorm
packetstorm
Microsoft SQL Server Payload Execution
2009-11-26 00:00:00
Microsoft SQL Server Payload Execution via SQL injection
2011-01-29 00:00:00
exploitpack
exploitpack
Microsoft SQL Server 2000 - User Authentication Remote Buffer Overflow
2002-08-06 00:00:00
cvelist
cvelist
CVE-2000-0402
2000-07-12 04:00:00
seebug
seebug
nvd
nvd
CVE-2000-0402
2000-05-30 04:00:00
exploitdb
exploitdb
Microsoft SQL Server 2000 - User Authentication Remote Buffer Overflow
2002-08-06 00:00:00
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
7 High
AI Score
Confidence
Low
0.732 High
EPSS
Percentile
98.1%
Related for CVE-2000-0402