CVE-2002-1872

Description

Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

Microsoft / sql_server6.0 – 6.0
Microsoft / sql_server6.5 – 6.5
Microsoft / sql_server7.0 – 7.0
Microsoft / sql_server7.0 – 7.0
Microsoft / sql_server7.0 – 7.0
Microsoft / sql_server7.0 – 7.0
Microsoft / sql_server7.0 – 7.0
Microsoft / sql_server2000 – 2000
Microsoft / sql_server2000 – 2000
Microsoft / sql_server2000 – 2000

References

MISChttp://www.securityfocus.com/bid/6097
MISChttp://www.iss.net/security_center/static/10542.php
MISChttp://online.securityfocus.com/archive/1/298361
MISChttp://www.nextgenss.com/papers/tp-SQL2000.pdf