First published: Mon Jun 29 1998(Updated: )
Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft SQL Server | =6.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-1999-1556 is considered high due to its potential for privilege escalation through weak encryption.
To fix CVE-1999-1556, it is recommended to upgrade to a more secure version of Microsoft SQL Server as the encryption method in version 6.5 is inadequate.
CVE-1999-1556 affects users running Microsoft SQL Server 6.5, particularly those with access to the registry.
CVE-1999-1556 is an encryption vulnerability that allows local users to access sensitive information and escalate privileges.
Yes, local users can exploit CVE-1999-1556 by reading the decrypted password stored in an accessible part of the registry.