ID |
CVE-2000-0199
|
Summary |
When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 7.2 (as of 10-09-2008 - 19:03) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
LOCAL |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
refmap
via4
|
bid | 1055 | iss | 20000314 Vulnerability in Microsoft SQL Server 7.0 Encryption Used to Store Administrative Login ID |
|
Last major update |
10-09-2008 - 19:03 |
Published |
14-03-2000 - 05:00 |
Last modified |
10-09-2008 - 19:03 |