PT-2000-1181 · Microsoft · Sql Server

Published

2000-03-14

Updated

2008-09-10

CVE-2000-0199

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft SQL Server version 7.0

Description The issue concerns the storage of login credentials in Microsoft SQL Server 7.0 when registered in Enterprise Manager. If the "Always prompt for login name and password" option is not set, Enterprise Manager uses weak encryption to store the login ID and password.

Recommendations For Microsoft SQL Server version 7.0, enable the "Always prompt for login name and password" option in Enterprise Manager to prevent the use of weak encryption for storing login credentials.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2000-0199

Affected Products

Sql Server

PT-2000-1181 · Microsoft · Sql Server

CVE-2000-0199

Related Identifiers

Affected Products

References · 2