Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2000-0402 | First vendor Publication | 2000-05-30 |
Vendor | Cve | Last vendor Modification | 2018-10-12 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0402 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
ExploitDB Exploits
id | Description |
---|---|
2002-08-06 | Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerab... |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
557 | MS-SQL Passwordless Admin Account Microsoft SQL Server versions 7 and 2000, along with Microsoft Data Engine (MSDE), by default installs an admin account ('sa') with a blank or null password. Using this account, it is possible for an intruder to modify and delete information stored in the database and may be able to run commands at the operating system level through the xp_cmdshell stored procedure. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2003-03-09 | Name : The remote SQL server is vulnerable to an information disclosure attack. File : smb_nt_ms00-035.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Source | Url |
---|---|
BID | http://www.securityfocus.com/bid/1281 |
MS | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00... |
MSKB | http://www.microsoft.com/technet/support/kb.asp?ID=263968 |
Alert History
Date | Informations |
---|---|
2024-02-02 01:01:25 |
|
2024-02-01 12:01:12 |
|
2023-09-05 12:01:22 |
|
2023-09-05 01:01:04 |
|
2023-09-02 12:01:23 |
|
2023-09-02 01:01:04 |
|
2023-08-12 12:01:42 |
|
2023-08-12 01:01:04 |
|
2023-08-11 12:01:26 |
|
2023-08-11 01:01:05 |
|
2023-08-06 12:01:18 |
|
2023-08-06 01:01:05 |
|
2023-08-04 12:01:22 |
|
2023-08-04 01:01:04 |
|
2023-07-14 12:01:21 |
|
2023-07-14 01:01:05 |
|
2023-03-29 01:01:19 |
|
2023-03-28 12:01:10 |
|
2022-10-11 12:01:12 |
|
2022-10-11 01:00:58 |
|
2021-05-04 12:01:08 |
|
2021-04-22 01:01:21 |
|
2020-05-23 13:16:43 |
|
2020-05-23 00:14:23 |
|
2018-10-13 00:22:22 |
|
2014-02-17 10:23:02 |
|
2013-05-11 12:00:11 |
|