Back to search
CVE-2000-1209
Published: Aug 10, 2002
Modified: Aug 8, 2024
PUBLISHED
Description
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
3570
vdb-entry
x_refsource_OSVDB
4797
vdb-entry
x_refsource_BID
20000710 MSDE / Re: Default Password Database
mailing-list
x_refsource_BUGTRAQ
VU#635463
third-party-advisory
x_refsource_CERT-VN
mssql-no-sapassword(1459)
vdb-entry
x_refsource_XF
http://www.microsoft.com/security/security_bulletins/ms02020_sql.asp
x_refsource_CONFIRM
20000816 Released Patch: Tumbleweed Worldsecure (MMS) BLANK 'sa' account password
mailing-list
x_refsource_BUGTRAQ
20020522 Opty-Way Enterprise includes MSDE with sa <blank>
mailing-list
x_refsource_BUGTRAQ
Q313418
vendor-advisory
x_refsource_MSKB
20000810 Tumbleweed Worldsecure (MMS) BLANK 'sa' account password
mailing-list
x_refsource_BUGTRAQ
Q321081
vendor-advisory
x_refsource_MSKB
20000815 MS-SQL 'sa' user exploit code
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now