CVE-2000-0402

LOW severity · CVSS 2.1

2.1CVSS LOW

Summary

The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability.

Impact & exploitability

Attack vectorLocal

Attack complexityLow

Privileges required—

User interaction—

Confidentiality impact—

Integrity impactNone

Availability impactNone

Exploit probability (EPSS)78%

AV:L/AC:L/Au:N/C:P/I:N/A:N

Affected products we track (1)

Microsoft SQL Server

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

NVD record
http://www.microsoft.com/technet/support/kb.asp?ID=263968
http://www.securityfocus.com/bid/1281
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-035
http://www.microsoft.com/technet/support/kb.asp?ID=263968
http://www.securityfocus.com/bid/1281
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-035