CVE-2002-1872Inadequate Encryption Strength in Microsoft SQL Server

CWE-326Inadequate Encryption Strength3 documents3 sources
Severity
7.5HIGHNVD
EPSS
1.2%
top 21.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft SQL Server
Timeline
PublishedDec 31
Latest updateApr 30

Description

Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDmicrosoft/sql_server4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-pp2f-p95f-2xhx: Microsoft SQL Server 62022-04-30
CVEList
CVE-2002-1872: Microsoft SQL Server 62005-06-28
CVE-2002-1872 — Inadequate Encryption Strength | cvebase