Back
CVE-2000-0402
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability.
Published: May 30, 2000
Modified: Apr 16, 2026
CVSS Metrics
Affected Products (3)
| Vendor | Product | Version |
|---|---|---|
| microsoft | sql_server | 7.0 |
| microsoft | sql_server | 7.0 |
| microsoft | sql_server | 7.0 |
GitHub Security Advisory GHSA-wr9w-p9gv-6q7p
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System...
References (6)
- http://www.microsoft.com/technet/support/kb.asp?ID=263968
- http://www.securityfocus.com/bid/1281
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-035
- http://www.microsoft.com/technet/support/kb.asp?ID=263968
- http://www.securityfocus.com/bid/1281
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-035
Risk Scores
CVSS Score
2.1 / 10
EPSS Score
78.48%
Top 1% most likely to be exploited
Threat Score
41.9 / 100
Data Sources
NVD
EPSS
GitHub