Back to search
CVE-2002-0643
Published: Jul 12, 2002
Modified: Aug 8, 2024
PUBLISHED
Description
The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20020711 SQL Server 7 & 2000 Installation process and Service Packs write encoded passwords to a file
mailing-list
x_refsource_BUGTRAQ
MS02-035
vendor-advisory
x_refsource_MS
20020711 SQL Server 7 & 2000 Installation process and Service Packs write encoded passwords to a file
mailing-list
x_refsource_VULN-DEV
VU#338195
third-party-advisory
x_refsource_CERT-VN
5203
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now