CVE-2000-0199: Weak Encryption
First published: Tue Mar 14 2000(Updated: )
When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft SQL Server | =7.0 | |
| =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2000-0199?
CVE-2000-0199 has a medium severity rating due to weak encryption of login credentials.
How do I fix CVE-2000-0199?
To fix CVE-2000-0199, ensure that the "Always prompt for login name and password" option is enabled in SQL Server 7.0.
What software versions are affected by CVE-2000-0199?
CVE-2000-0199 specifically affects Microsoft SQL Server 7.0.
What vulnerabilities are associated with weak encryption in CVE-2000-0199?
CVE-2000-0199 can lead to unauthorized access as login ID and passwords are stored with weak encryption.
Is there a risk if I use Microsoft SQL Server 7.0 with the default settings in CVE-2000-0199?
Yes, using Microsoft SQL Server 7.0 with default settings presents a risk of credential exposure due to weak encryption.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/remedy
- agent/description
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft sql server
- version/microsoft sql server/7.0