 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2002-0643 |
| Description: | The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System." |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.11322 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2002-0643 BugTraq ID: 5203 http://www.securityfocus.com/bid/5203 Bugtraq: 20020711 SQL Server 7 & 2000 Installation process and Service Packs write encoded passwords to a file (Google Search) http://marc.info/?l=bugtraq&m=102640092826731&w=2 CERT/CC vulnerability note: VU#338195 http://www.kb.cert.org/vuls/id/338195 Microsoft Security Bulletin: MS02-035 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-035 http://marc.info/?l=vuln-dev&m=102640394131103&w=2 |