Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0402Microsoft SQL Server vulnerability

5 documents4 sources
Severity
2.1LOWNVD
EPSS
78.5%
top 0.96%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft SQL Server
Timeline
PublishedMay 30
Latest updateApr 30

Description

The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-wr9w-p9gv-6q7p: The Mixed Mode authentication capability in Microsoft SQL Server 72022-04-30
CVEList
CVE-2000-0402: The Mixed Mode authentication capability in Microsoft SQL Server 72000-07-12

💥Exploits & PoCs

2
Exploit-DB
Microsoft SQL Server - Payload Execution (via SQL Injection) (Metasploit)2011-02-08
Exploit-DB
Microsoft SQL Server - Payload Execution (Metasploit)2010-12-21
CVE-2000-0402 — Microsoft SQL Server vulnerability | cvebase