CVE-1999-1556: Weak Encryption
First published: Mon Jun 29 1998(Updated: )
Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft SQL Server | =6.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-1999-1556?
The severity of CVE-1999-1556 is considered high due to its potential for privilege escalation through weak encryption.
How do I fix CVE-1999-1556?
To fix CVE-1999-1556, it is recommended to upgrade to a more secure version of Microsoft SQL Server as the encryption method in version 6.5 is inadequate.
Who is affected by CVE-1999-1556?
CVE-1999-1556 affects users running Microsoft SQL Server 6.5, particularly those with access to the registry.
What type of vulnerability is CVE-1999-1556?
CVE-1999-1556 is an encryption vulnerability that allows local users to access sensitive information and escalate privileges.
Can local users exploit CVE-1999-1556?
Yes, local users can exploit CVE-1999-1556 by reading the decrypted password stored in an accessible part of the registry.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/event
- agent/author
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft sql server
- version/microsoft sql server/6.5