Description

When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password.

Remediation

References

CVE-2000-0199

Related Vulnerabilities

WordPress Plugin job-portal Cross-Site Scripting (0.0.1)

WordPress Plugin Testimonial Slider SQL Injection (1.2.4)

phpMyAdmin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2011-2643)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5472)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-17093)

Severity

High

Classification

CVE-2000-0199

Tags

Missing Update Known Vulnerabilities