Lucene search

[email protected]NVD:CVE-2002-1872

HistoryDec 31, 2002 - 5:00 a.m.

CVE-2002-1872

2002-12-3105:00:00

CWE-326

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.9 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.0%

JSON

Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.

Affected configurations

NVD

Node

microsoftsql_serverMatch6.0

microsoftsql_serverMatch6.5

microsoftsql_serverMatch7.0

microsoftsql_serverMatch7.0sp1

microsoftsql_serverMatch7.0sp2

microsoftsql_serverMatch7.0sp3

microsoftsql_serverMatch7.0sp4

microsoftsql_serverMatch2000

microsoftsql_serverMatch2000sp1

microsoftsql_serverMatch2000sp2

References

online.securityfocus.com/archive/1/298361

www.iss.net/security_center/static/10542.php

www.nextgenss.com/papers/tp-SQL2000.pdf

www.securityfocus.com/bid/6097

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.9 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.0%

JSON

Related for NVD:CVE-2002-1872

cve1 cvelist1