CVE-2000-0402
Microsoft SQL Server 7.0 - Info Disclosure
Title source: llmDescription
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability.
Exploits (4)
metasploit
WORKING POC
EXCELLENT
by David Kennedy · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/mssql/mssql_payload.rb
metasploit
WORKING POC
EXCELLENT
by David Kennedy · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/mssql/mssql_payload_sqli.rb
Scores
EPSS
0.7848
EPSS Percentile
99.0%
Details
Status
published
Products (1)
microsoft/sql_server
7.0 (3 CPE variants)
Published
May 30, 2000
Tracked Since
Feb 18, 2026