CVE

Id
6254  
CVE No.
CVE-2002-1872  
Status
Candidate  
Description
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.  
Phase
Assigned (20050629)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
35539 6254 CVE-2002-1872 BUGTRAQ:20021102 Weak Password Encryption Scheme in MS SQL Server  View
35540 6254 CVE-2002-1872 URL:http://online.securityfocus.com/archive/1/298361  View
35541 6254 CVE-2002-1872 MISC:http://www.nextgenss.com/papers/tp-SQL2000.pdf  View
35542 6254 CVE-2002-1872 BID:6097  View
35543 6254 CVE-2002-1872 URL:http://www.securityfocus.com/bid/6097  View
35544 6254 CVE-2002-1872 XF:mssql-weak-password-encryption(10542)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
63942 JVNDB-2002-000269 Microsoft SQL Server の SQL Server 認証方式におけるパスワードを解読される脆弱性 Microsoft SQL Server の SQL Server 認証は、単純な XOR 演算によるパスワードの暗号化を行っているためパスワードが解読可能な脆弱性が存在します。 CVE-2002-1872 6254 5 http://jvndb.jvn.jp/ja/contents/2002/JVNDB-2002-000269.html  View