PT-2002-1090 · Compaq+2 · Compaq Insight Manager+5

Published

2002-08-12

Updated

2018-08-13

CVE-2000-1209

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft SQL Server 2000 SQL Server 7.0 Data Engine (MSDE) 1.0 Tumbleweed Secure Mail (MMS) Compaq Insight Manager Visio 2000

Description The issue allows remote attackers to gain privileges due to the default null password of the sa account. This has been exploited by worms such as Voyager Alpha Force and Spida.

Recommendations For Microsoft SQL Server 2000, update the sa account password to a secure value. For SQL Server 7.0, change the default sa account password. For Data Engine (MSDE) 1.0, modify the sa account to use a non-null password. For Tumbleweed Secure Mail (MMS), Compaq Insight Manager, and Visio 2000, ensure that the underlying SQL server components have secure sa account passwords configured.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2000-1209

Affected Products

Compaq Insight Manager

Data Engine (Msde) 1.0

Sql Server 2000

Sql Server 7.0

Tumbleweed Secure Mail

Visio 2000

PT-2002-1090 · Compaq+2 · Compaq Insight Manager+5

CVE-2000-1209

Related Identifiers

Affected Products

References · 17