Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-1999-1556

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-1999-1556
Last Modified 05 Sep 2008 04:19:48
Published 29 Jun 1998 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-1999-1556

Summary

Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.

Vulnerable Systems

Application

  • Microsoft Sql Server 6.5


References

XF - mssql-sqlexecutivecmdexec-password(7354)

BID - 109

NTBUGTRAQ - 19980629 MS SQL Server 6.5 stores password in unprotected registry keys


Last Updated: 27 May 2016 10:35:29