Vulnerability Name: CVE-2000-1209 (CCN-1459)
Assigned: 1998-12-18
Published: 1998-12-18
Updated: 2018-08-13
Summary: The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third-party packages that use these products such as (4) Tumbleweed Secure Mail (MMS), (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: CCN Type: BugTraq Mailing List, Tue Aug 15 2000 - 05:37:36 BST MS-SQL 'sa' user exploit code
Source: MITRE Type: CNA CVE-2000-1209
Source: BUGTRAQ Type: UNKNOWN 20000710 MSDE / Re: Default Password Database
Source: BUGTRAQ Type: UNKNOWN 20000810 Tumbleweed Worldsecure (MMS) BLANK 'sa' account password
Source: BUGTRAQ Type: UNKNOWN 20000816 Released Patch: Tumbleweed Worldsecure (MMS) BLANK 'sa' account password
Source: CCN Type: BugTraq Mailing List, 2000-07-10 20:07:53 MSDE / Re: Default Password Database
Source: BUGTRAQ Type: UNKNOWN 20020522 Opty-Way Enterprise includes MSDE with sa
Source: BUGTRAQ Type: UNKNOWN 20000815 MS-SQL 'sa' user exploit code
Source: MSKB Type: UNKNOWN Q321081
Source: MSKB Type: UNKNOWN Q313418
Source: XF Type: Patch, Vendor Advisory mssql-no-sapassword(1459)
Source: CCN Type: Internet Security Systems Security Alert #118 Microsoft SQL Spida Worm Propagation
Source: CCN Type: US-CERT VU#635463 Microsoft SQL Server and Microsoft Data Engine (MSDE) ship with a null default password
Source: CERT-VN Type: Patch, Third Party Advisory, US Government Resource VU#635463
Source: CONFIRM Type: UNKNOWN http://www.microsoft.com/security/security_bulletins/ms02020_sql.asp
Source: OSVDB Type: UNKNOWN 3570
Source: CCN Type: OSVDB ID: 3570 Compaq Insight Manager Default Password
Source: CCN Type: SecuriTeam Mailing List, Windows NT focus 21 Aug 2000 Microsoft releases safeguard guide for the MS SQL blank 'sa' vulnerability
Source: BID Type: UNKNOWN 4797
Source: CCN Type: BID-4797 Microsoft MSDE/SQL Server 2000 Desktop Engine Default Configuration Vulnerability
Source: XF Type: UNKNOWN mssql-no-sapassword(1459)
Source: CCN Type: IBM Internet Security Systems X-Force Database SQL Spida Worm Propagation
Source: CCN Type: Microsoft Knowledge Base Article 274773 FIX: If You Change Windows Security to Windows/SQL Security the SA Password is Blank
Source: CCN Type: Microsoft Knowledge Base Article 313418 PRB: Unsecured SQL Server with Blank (NULL) SA Password Leaves Vulnerability to a Worm
Source: CCN Type: Rapid7 Vulnerability & Exploit Database Microsoft SQL Server Payload Execution
Source: CCN Type: Rapid7 Vulnerability and Exploit Database Microsoft SQL Server Payload Execution via SQL Injection
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable

Vulnerability Name: CVE-2000-1209 (CCN-9154)
Assigned: 2002-05-23
Published: 2002-05-23
Updated: 2002-05-23
Summary: Multiple products that use the Microsoft Data Engine (MSDE) and Microsoft SQL Server 2000 Desktop Engine have a null administrative (sa) password configured by default. A remote attacker could use this vulnerability to gain unauthorized administrative privileges to the database.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity:
10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
6.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Vulnerability Consequences: Gain Access
References:
Source: CCN Type: BugTraq Mailing List, Wed May 22 2002 - 12:07:38 CDT Opty-Way Enterprise includes MSDE with sa blank
Source: MITRE Type: CNA CVE-2000-1209
Source: CCN Type: Internet Security Systems Security Alert #118 Microsoft SQL Spida Worm Propagation
Source: CCN Type: US-CERT VU#635463 Microsoft SQL Server and Microsoft Data Engine (MSDE) ship with a null default password
Source: CCN Type: NTBugTraq Mailing List, Thu, 23 May 2002 08:17:18 -0500 MSDE Advisory
Source: CCN Type: OSVDB ID: 3570 Compaq Insight Manager Default Password
Source: CCN Type: BID-4797 Microsoft MSDE/SQL Server 2000 Desktop Engine Default Configuration Vulnerability
Source: XF Type: UNKNOWN msde-mssql-default-password(9154)
Source: CCN Type: Microsoft Knowledge Base Article 313418 PRB: Unsecured SQL Server with Blank (NULL) SA Password Leaves Vulnerability to a Worm
Source: CCN Type: Microsoft Knowledge Base Article 321081 Visio: Installation of MSDE Creates an 'sa' Account with a Blank Password (Q321081)
Source: CCN Type: Microsoft Knowledge Base Article 322336 HOW TO: Verify and Change the System Administrator Password by Using MSDE (Q322336)
Source: CCN Type: Rapid7 Vulnerability & Exploit Database Microsoft SQL Server Payload Execution
Source: CCN Type: Rapid7 Vulnerability and Exploit Database Microsoft SQL Server Payload Execution via SQL Injection
Vulnerable Configuration: Configuration CCN 1: Denotes that component is vulnerable