CVE-2000-1209

2002-08-1204:00:00

mitre

web.nvd.nist.gov

microsoft sql server

null password

remote attack

data engine

privileges

worms

spida

voyager alpha force.

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.957

Percentile

99.4%

JSON

The “sa” account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.

Affected configurations

Nvd

Node

compaqinsight_managerMatch7.0

compaqinsight_managerMatch7.0sp1

compaqinsight_manager_xeMatch1.1

compaqinsight_manager_xeMatch1.21

compaqinsight_manager_xeMatch2.1

compaqinsight_manager_xeMatch2.1b

compaqinsight_manager_xeMatch2.1c

compaqinsight_manager_xeMatch2.2

microsoftdata_engineMatch1.0

microsoftmsdeMatch2000

VendorProductVersionCPE
compaqinsight_manager7.0cpe:2.3:a:compaq:insight_manager:7.0:*:*:*:*:*:*:*
compaqinsight_manager7.0cpe:2.3:a:compaq:insight_manager:7.0:sp1:*:*:*:*:*:*
compaqinsight_manager_xe1.1cpe:2.3:a:compaq:insight_manager_xe:1.1:*:*:*:*:*:*:*
compaqinsight_manager_xe1.21cpe:2.3:a:compaq:insight_manager_xe:1.21:*:*:*:*:*:*:*
compaqinsight_manager_xe2.1cpe:2.3:a:compaq:insight_manager_xe:2.1:*:*:*:*:*:*:*
compaqinsight_manager_xe2.1bcpe:2.3:a:compaq:insight_manager_xe:2.1b:*:*:*:*:*:*:*
compaqinsight_manager_xe2.1ccpe:2.3:a:compaq:insight_manager_xe:2.1c:*:*:*:*:*:*:*
compaqinsight_manager_xe2.2cpe:2.3:a:compaq:insight_manager_xe:2.2:*:*:*:*:*:*:*
microsoftdata_engine1.0cpe:2.3:a:microsoft:data_engine:1.0:*:*:*:*:*:*:*
microsoftmsde2000cpe:2.3:a:microsoft:msde:2000:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
compaq	insight_manager	7.0	cpe:2.3:a:compaq:insight_manager:7.0:::::::*
compaq	insight_manager	7.0	cpe:2.3:a:compaq:insight_manager:7.0:sp1::::::
compaq	insight_manager_xe	1.1	cpe:2.3:a:compaq:insight_manager_xe:1.1:::::::*
compaq	insight_manager_xe	1.21	cpe:2.3:a:compaq:insight_manager_xe:1.21:::::::*
compaq	insight_manager_xe	2.1	cpe:2.3:a:compaq:insight_manager_xe:2.1:::::::*
compaq	insight_manager_xe	2.1b	cpe:2.3:a:compaq:insight_manager_xe:2.1b:::::::*
compaq	insight_manager_xe	2.1c	cpe:2.3:a:compaq:insight_manager_xe:2.1c:::::::*
compaq	insight_manager_xe	2.2	cpe:2.3:a:compaq:insight_manager_xe:2.2:::::::*
microsoft	data_engine	1.0	cpe:2.3:a:microsoft:data_engine:1.0:::::::*
microsoft	msde	2000	cpe:2.3:a:microsoft:msde:2000:::::::*