CVE-2000-0199 : When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login

When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password.

Published 2000-03-14 05:00:00

Updated 2008-09-10 19:03:17

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2000-0199

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2000-0199

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2000-0199

http://www.securityfocus.com/bid/1055

Exploit;Patch;Vendor Advisory

Products affected by CVE-2000-0199

Microsoft » Sql Server » Version: 7.0
cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2000-0199

Exploit prediction scoring system (EPSS) score for CVE-2000-0199

CVSS scores for CVE-2000-0199

References for CVE-2000-0199

Products affected by CVE-2000-0199