PT-2000-1344 · Microsoft · Sql Server

Published

2000-05-30

Updated

2018-10-12

CVE-2000-0402

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Microsoft SQL Server version 7.0

Description The Mixed Mode authentication capability in Microsoft SQL Server stores the System Administrator (sa) account in plaintext in a log file. This log file is readable by any user.

Recommendations For Microsoft SQL Server version 7.0, consider restricting access to the log file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2000-0402

Affected Products

Sql Server

PT-2000-1344 · Microsoft · Sql Server

CVE-2000-0402

Related Identifiers

Affected Products

References · 8