Lucene search
HistoryMay 30, 2000 - 4:00 a.m.
CVE-2000-0402
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
7.1 High
AI Score
Confidence
Low
0.732 High
EPSS
Percentile
98.1%
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the “SQL Server 7.0 Service Pack Password” vulnerability.
Affected configurations
Node
microsoftsql_serverMatch7.0
ORmicrosoftsql_serverMatch7.0sp1
ORmicrosoftsql_serverMatch7.0sp2
Related
cve
cve
CVE-2000-0402
2000-07-12 04:00:00
nessus
nessus
MS00-035: MS SQL7.0 Service Pack may leave passwords on system (263968)
2003-03-09 00:00:00
packetstorm
packetstorm
Microsoft SQL Server Payload Execution
2009-11-26 00:00:00
Microsoft SQL Server Payload Execution via SQL injection
2011-01-29 00:00:00
cvelist
cvelist
CVE-2000-0402
2000-07-12 04:00:00
exploitpack
exploitpack
Microsoft SQL Server 2000 - User Authentication Remote Buffer Overflow
2002-08-06 00:00:00
seebug
seebug
exploitdb
exploitdb
Microsoft SQL Server 2000 - User Authentication Remote Buffer Overflow
2002-08-06 00:00:00
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
7.1 High
AI Score
Confidence
Low
0.732 High
EPSS
Percentile
98.1%
Related for NVD:CVE-2000-0402