CVE

Id
5033  
CVE No.
CVE-2002-0643  
Status
Candidate  
Description
The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."  
Phase
Modified (20050510)  
Votes
ACCEPT(5) Armstrong, Baker, Cole, Foat, Wall | MODIFY(1) Frech | NOOP(2) Christey, Cox  
Comments
Wall> There may be a 4th type - clear-text passwords, which may be found in | other setup.iss files. | Christey> XF:mssql-insecure-password-storage(9524) | URL:http://www.iss.net/security_center/static/9524.php | BID:5203 | URL:http://www.securityfocus.com/bid/5203 | Frech> XF:mssql-insecure-password-storage(9524)  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
26119 5033 CVE-2002-0643 BUGTRAQ:20020711 SQL Server 7 & 2000 Installation process and Service Packs write encoded passwords to a file  View
26120 5033 CVE-2002-0643 URL:http://marc.info/?l=bugtraq&m=102640092826731&w=2  View
26121 5033 CVE-2002-0643 VULN-DEV:20020711 SQL Server 7 & 2000 Installation process and Service Packs write encoded passwords to a file  View
26122 5033 CVE-2002-0643 URL:http://marc.info/?l=vuln-dev&m=102640394131103&w=2  View
26123 5033 CVE-2002-0643 CERT-VN:VU#338195  View
26124 5033 CVE-2002-0643 URL:http://www.kb.cert.org/vuls/id/338195  View
26125 5033 CVE-2002-0643 BID:5203  View
26126 5033 CVE-2002-0643 URL:http://www.securityfocus.com/bid/5203  View
26127 5033 CVE-2002-0643 MS:MS02-035  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
63828 JVNDB-2002-000155 Microsoft SQL Server のインストールプロセスにおける情報漏洩の脆弱性 Microsoft SQL Server には、インストール時において認証モードを「混合モード」とした場合、SQL Server の管理者のパスワードがセットアップファイルに保存される脆弱性が存在します。 CVE-2002-0643 5033 4.6 http://jvndb.jvn.jp/ja/contents/2002/JVNDB-2002-000155.html  View