CVE DATABASE / CVE-2002-1872
CVE-2002-1872
CVSS 7.5 · HIGH
Summary
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
CVSS 3.1 breakdown
| Base score | 7.5 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | NONE |
| Availability | NONE |
Weakness type (CWE)
Affected products
Microsoft sql server
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://online.securityfocus.com/archive/1/298361
- http://www.iss.net/security_center/static/10542.php
- http://www.nextgenss.com/papers/tp-SQL2000.pdf
- http://www.securityfocus.com/bid/6097
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.