CVE-2002-1872

Опубликовано: 31 дек. 2002

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.

Ссылки

http://online.securityfocus.com/archive/1/298361
Broken Link
Third Party Advisory
VDB Entry
Vendor Advisory
http://www.iss.net/security_center/static/10542.php
Broken Link
http://www.nextgenss.com/papers/tp-SQL2000.pdf
Broken Link
http://www.securityfocus.com/bid/6097
Broken Link
Third Party Advisory
VDB Entry
http://online.securityfocus.com/archive/1/298361
Broken Link
Third Party Advisory
VDB Entry
Vendor Advisory
http://www.iss.net/security_center/static/10542.php
Broken Link
http://www.nextgenss.com/papers/tp-SQL2000.pdf
Broken Link
http://www.securityfocus.com/bid/6097
Broken Link
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:sql_server:6.0:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:sql_server:6.5:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:sql_server:7.0:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:sql_server:7.0:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:sql_server:7.0:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*

cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01171

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-326

Связанные уязвимости

GHSA-pp2f-p95f-2xhx