CVE-2002-1872
HIGH
Microsoft SQL Server 6.0-2000 - Weak Password Encryption via XOR
Title source: llm
Description
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
References (4)
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6097
Broken Link vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/10542.php
Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory mailing-list
x_refsource_bugtraq
http://online.securityfocus.com/archive/1/298361
Broken Link x_refsource_misc
http://www.nextgenss.com/papers/tp-SQL2000.pdf
Scores
CVSS v3
7.5
EPSS
0.0595
EPSS Percentile
92.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-326
Status
published
Products (4)
microsoft/sql_server
6.0
microsoft/sql_server
6.5
microsoft/sql_server
7.0 (5 CPE variants)
microsoft/sql_server
2000 (3 CPE variants)
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026