CVE Catalog

CVE-2000-0402

Low
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Very high risk
90.61%

100th percentile — higher than 100% of all known CVEs

Summary

The vulnerability in Microsoft SQL Server 7.0 allows the Mixed Mode authentication mechanism to store the System Administrator (sa) account password in plaintext in a log file, which is accessible to any user.

Risk Assessment

This threat enables unauthorized users to gain access to the administrator account, potentially leading to serious security breaches and data loss.

Recommendation

It is recommended to upgrade to a newer version of SQL Server and restrict access to log files to minimize the risk of password leakage.

Original NVD description (English source)

The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS