First published: Tue Mar 14 2000(Updated: )
When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft SQL Server | =7.0 | |
=7.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2000-0199 has a medium severity rating due to weak encryption of login credentials.
To fix CVE-2000-0199, ensure that the "Always prompt for login name and password" option is enabled in SQL Server 7.0.
CVE-2000-0199 specifically affects Microsoft SQL Server 7.0.
CVE-2000-0199 can lead to unauthorized access as login ID and passwords are stored with weak encryption.
Yes, using Microsoft SQL Server 7.0 with default settings presents a risk of credential exposure due to weak encryption.