CVE-1999-1556

Name of the Vulnerable Software and Affected Versions Microsoft SQL Server version 6.5

Description The issue concerns weak encryption used for the password of the SQLExecutiveCmdExec account, which is stored in an accessible part of the registry. This could potentially allow local users to gain privileges by reading and decrypting the CmdExecAccount value.

Recommendations For Microsoft SQL Server version 6.5, consider restricting access to the registry to minimize the risk of exploitation. As a temporary workaround, limit privileges for local users to reduce the potential impact of this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.