CVE-2000-1209
Summary
| CVE | CVE-2000-1209 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2002-08-12 04:00:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS), (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida. |
Risk And Classification
Primary CVSS: v2.0 10 from [email protected]
AV:N/AC:L/Au:N/C:C/I:C/A:C
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality | Complete |
| Integrity | Complete |
| Availability | Complete |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Compaq | Insight Manager | 7.0 | All | All | All |
| Application | Compaq | Insight Manager | 7.0 | sp1 | All | All |
| Application | Compaq | Insight Manager Xe | 1.1 | All | All | All |
| Application | Compaq | Insight Manager Xe | 1.21 | All | All | All |
| Application | Compaq | Insight Manager Xe | 2.1 | All | All | All |
| Application | Compaq | Insight Manager Xe | 2.1b | All | All | All |
| Application | Compaq | Insight Manager Xe | 2.1c | All | All | All |
| Application | Compaq | Insight Manager Xe | 2.2 | All | All | All |
| Application | Microsoft | Data Engine | 1.0 | All | All | All |
| Application | Microsoft | Msde | 2000 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| An unsecured SQL Server server that has a blank (NULL) system administrator password allows vulnerability to a worm | af854a3a-2127-422b-91ae-364da2661108 | support.microsoft.com | |
| 'Tumbleweed Worldsecure (MMS) BLANK 'sa' account password' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | |
| ISS X-Force Database: mssql-no-sapassword (1459): Blank sa password on Microsoft SQL Server | af854a3a-2127-422b-91ae-364da2661108 | www.iss.net | Patch, Vendor Advisory |
| Bugtraq Archive August 2000: MS-SQL 'sa' user exploit code | af854a3a-2127-422b-91ae-364da2661108 | security-archive.merton.ox.ac.uk | |
| Visio: Installation of MSDE Creates an 'sa' Account with a Blank Password | af854a3a-2127-422b-91ae-364da2661108 | support.microsoft.com | |
| CERT/CC Vulnerability Note VU#635463 | af854a3a-2127-422b-91ae-364da2661108 | www.kb.cert.org | Patch, Third Party Advisory, US Government Resource |
| Microsoft MSDE/SQL Server 2000 Desktop Engine Default Configuration Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| 'MSDE / Re: Default Password Database' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | |
| www.osvdb.org/3570 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| online.securityfocus.com/archive/1/273639 | af854a3a-2127-422b-91ae-364da2661108 | online.securityfocus.com | |
| marc.info | af854a3a-2127-422b-91ae-364da2661108 | marc.info | |
| We are sorry, the page you requested cannot be found | af854a3a-2127-422b-91ae-364da2661108 | www.microsoft.com | |
| An unsecured SQL Server server that has a blank (NULL) system administrator password allows vulnerability to a worm | MITRE | support.microsoft.com | |
| Visio: Installation of MSDE Creates an 'sa' Account with a Blank Password | MITRE | support.microsoft.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.