CVE Database · CVE-2002-1872
CVSS v3.1
7.5
EPSS
5.95%
Published
Dec 31, 2002
Modified
Apr 15, 2026
Public PoC / Exploit (1)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NWeaknesses (CWE)
Affected Products (10)
References (8)