Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2000-1209
Last Modified 10 Sep 2008 03:06:53
Published 12 Aug 2002 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-1209

Summary

The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third-party packages that use these products such as (4) Tumbleweed Secure Mail (MMS), (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.

Vulnerable Systems

Application

  • Compaq Insight Manager 7.0

  • Compaq Insight Manager Xe 1.1

  • Compaq Insight Manager Xe 1.21

  • Compaq Insight Manager Xe 2.1

  • Compaq Insight Manager Xe 2.1b

  • Compaq Insight Manager Xe 2.1c

  • Compaq Insight Manager Xe 2.2

  • Microsoft Data Engine 1.0

  • Microsoft Msde 2000


References

CERT-VN - VU#635463

XF - mssql-no-sapassword(1459)

CONFIRM - http://www.microsoft.com/security/security_bulletins/ms02020_sql.asp

MSKB - Q321081

MSKB - Q313418

BUGTRAQ - 20000815 MS-SQL 'sa' user exploit code

BID - 4797

OSVDB - 3570

BUGTRAQ - 20020522 Opty-Way Enterprise includes MSDE with sa

BUGTRAQ - 20000816 Released Patch: Tumbleweed Worldsecure (MMS) BLANK 'sa' account password

BUGTRAQ - 20000810 Tumbleweed Worldsecure (MMS) BLANK 'sa' account password

BUGTRAQ - 20000710 MSDE / Re: Default Password Database


Last Updated: 27 May 2016 10:36:04