Vulnerability Description
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Sql Server | 6.0 |
Related Weaknesses (CWE)
References
- http://online.securityfocus.com/archive/1/298361Broken LinkThird Party AdvisoryVDB Entry
- http://www.iss.net/security_center/static/10542.phpBroken Link
- http://www.nextgenss.com/papers/tp-SQL2000.pdfBroken Link
- http://www.securityfocus.com/bid/6097Broken LinkThird Party AdvisoryVDB Entry
- http://online.securityfocus.com/archive/1/298361Broken LinkThird Party AdvisoryVDB Entry
- http://www.iss.net/security_center/static/10542.phpBroken Link
- http://www.nextgenss.com/papers/tp-SQL2000.pdfBroken Link
- http://www.securityfocus.com/bid/6097Broken LinkThird Party AdvisoryVDB Entry
FAQ
What is CVE-2002-1872?
CVE-2002-1872 is a vulnerability with a CVSS score of 7.5 (HIGH). Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
How severe is CVE-2002-1872?
CVE-2002-1872 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1872?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Sql Server.