| Vulnerability Name: | CVE-1999-1556 (CCN-7354) | ||||||||
| Assigned: | 1998-06-29 | ||||||||
| Published: | 1998-06-29 | ||||||||
| Updated: | 2017-10-10 | ||||||||
| Summary: | Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value. | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-1999-1556 Source: NTBUGTRAQ Type: UNKNOWN 19980629 MS SQL Server 6.5 stores password in unprotected registry keys Source: CCN Type: NTBugTraq Mailing List, Mon, 29 Jun 1998 22:00:43 -0400 MS SQL Server 6.5 stores password in unprotected registry keys Source: CCN Type: OSVDB ID: 10156 Microsoft SQL Server SQLExecutiveCmdExec Account Credential Encryption Weakness Source: BID Type: Vendor Advisory 109 Source: CCN Type: BID-109 NT SQL Server Password Vulnerability Source: XF Type: UNKNOWN mssql-sqlexecutivecmdexec-password(7354) Source: XF Type: UNKNOWN mssql-sqlexecutivecmdexec-password(7354) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||