CVE-2000-1209 (CNNVD-200208-100)
CRITICAL
有利用代码
中文标题:
Microsoft MSDE/SQL Server 2000桌面引擎默认配置空口令漏洞
英文标题:
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL...
CVSS分数:
10.0
发布时间:
2002-08-10 04:00:00
漏洞类型:
配置错误
状态:
PUBLISHED
数据质量分数:
0.30
数据版本:
v5
漏洞描述
中文描述:
Microsoft SQL Server Desktop Engine(MSDE)是一款Microsoft用来提供数据库管理服务的产品,Microsoft SQL Server 2000 Desktop Engine是一款Microsoft分发的数据库SQL SERVER2000共享数据引擎。 Microsoft SQL Server Desktop Engine(MSDE)和SQL Server 2000 Desktop Engine默认配置存在漏洞,可导致远程攻击者以管理员权限访问数据库。 Microsoft SQL Server Desktop Engine(MSDE)和SQL Server 2000 Desktop Engine默认配置其管理员密码为空,远程攻击者可以利用此漏洞以管理员权限访问数据库。 目前已经存在利用Microsoft SQL server和一些衍生产品MSDE和SQL Server 2000 Desktop Engine的默认空密码进行攻击的蠕虫。
英文描述:
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
CWE类型:
(暂无数据)
标签:
remote
windows
Metasploit
OSVDB-557
OSVDB-15757
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| compaq | insight_manager | 7.0 | - | - |
cpe:2.3:a:compaq:insight_manager:7.0:*:*:*:*:*:*:*
|
| compaq | insight_manager_xe | 1.1 | - | - |
cpe:2.3:a:compaq:insight_manager_xe:1.1:*:*:*:*:*:*:*
|
| compaq | insight_manager_xe | 1.21 | - | - |
cpe:2.3:a:compaq:insight_manager_xe:1.21:*:*:*:*:*:*:*
|
| compaq | insight_manager_xe | 2.1 | - | - |
cpe:2.3:a:compaq:insight_manager_xe:2.1:*:*:*:*:*:*:*
|
| compaq | insight_manager_xe | 2.1b | - | - |
cpe:2.3:a:compaq:insight_manager_xe:2.1b:*:*:*:*:*:*:*
|
| compaq | insight_manager_xe | 2.1c | - | - |
cpe:2.3:a:compaq:insight_manager_xe:2.1c:*:*:*:*:*:*:*
|
| compaq | insight_manager_xe | 2.2 | - | - |
cpe:2.3:a:compaq:insight_manager_xe:2.2:*:*:*:*:*:*:*
|
| microsoft | data_engine | 1.0 | - | - |
cpe:2.3:a:microsoft:data_engine:1.0:*:*:*:*:*:*:*
|
| microsoft | msde | 2000 | - | - |
cpe:2.3:a:microsoft:msde:2000:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
3570
vdb-entry
cve.org
访问
cve.org
4797
vdb-entry
cve.org
访问
cve.org
20000710 MSDE / Re: Default Password Database
mailing-list
cve.org
访问
cve.org
VU#635463
third-party-advisory
cve.org
访问
cve.org
mssql-no-sapassword(1459)
vdb-entry
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
20000816 Released Patch: Tumbleweed Worldsecure (MMS) BLANK 'sa' account password
mailing-list
cve.org
访问
cve.org
20020522 Opty-Way Enterprise includes MSDE with sa <blank>
mailing-list
cve.org
访问
cve.org
Q313418
vendor-advisory
cve.org
访问
cve.org
20000810 Tumbleweed Worldsecure (MMS) BLANK 'sa' account password
mailing-list
cve.org
访问
cve.org
Q321081
vendor-advisory
cve.org
访问
cve.org
20000815 MS-SQL 'sa' user exploit code
mailing-list
cve.org
访问
cve.org
ExploitDB EDB-16394
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-16394
EXPLOIT
exploitdb
访问
exploitdb
CVE Reference: CVE-2000-1209
ADVISORY
cve.org
访问
cve.org
CVE Reference: CVE-2000-0402
ADVISORY
cve.org
访问
cve.org
ExploitDB EDB-16395
EXPLOIT
exploitdb
访问
exploitdb
Download Exploit EDB-16395
EXPLOIT
exploitdb
访问
exploitdb
CVSS评分详情
10.0
CRITICAL
CVSS向量:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS版本:
2.0
机密性
COMPLETE
完整性
COMPLETE
可用性
COMPLETE
时间信息
发布时间:
2002-08-10 04:00:00
修改时间:
2024-08-08 05:45:37
创建时间:
2025-11-11 15:32:13
更新时间:
2025-11-11 16:10:59
利用信息
此漏洞有可利用代码!
利用代码数量:
2
利用来源:
未知
未知
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2000-1209 |
2025-11-11 15:17:20 | 2025-11-11 07:32:13 |
| NVD | nvd_CVE-2000-1209 |
2025-11-11 14:50:27 | 2025-11-11 07:40:59 |
| CNNVD | cnnvd_CNNVD-200208-100 |
2025-11-11 15:08:41 | 2025-11-11 07:48:48 |
| EXPLOITDB | exploitdb_EDB-16394 |
2025-11-11 15:05:57 | 2025-11-11 08:10:59 |
| EXPLOITDB | exploitdb_EDB-16395 |
2025-11-11 15:05:57 | 2025-11-11 08:10:59 |
版本与语言
当前版本:
v5
主要语言:
EN
支持语言:
EN
ZH
其他标识符:
:
:
:
:
安全公告
暂无安全公告信息
变更历史
v5
EXPLOITDB
2025-11-11 16:10:59
references_count: 16 → 18
查看详细变更
- references_count: 16 -> 18
v4
EXPLOITDB
2025-11-11 16:10:59
references_count: 12 → 16; tags_count: 0 → 5; data_sources: ['cnnvd', 'cve', 'nvd'] → ['cnnvd', 'cve', 'exploitdb', 'nvd']
查看详细变更
- references_count: 12 -> 16
- tags_count: 0 -> 5
- data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']
v3
CNNVD
2025-11-11 15:48:48
vulnerability_type: 未提取 → 配置错误; cnnvd_id: 未提取 → CNNVD-200208-100; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 配置错误
- cnnvd_id: 未提取 -> CNNVD-200208-100
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2
NVD
2025-11-11 15:40:59
severity: SeverityLevel.MEDIUM → SeverityLevel.CRITICAL; cvss_score: 未提取 → 10.0; cvss_vector: NOT_EXTRACTED → AV:N/AC:L/Au:N/C:C/I:C/A:C; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 9; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.CRITICAL
- cvss_score: 未提取 -> 10.0
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:L/Au:N/C:C/I:C/A:C
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 9
- data_sources: ['cve'] -> ['cve', 'nvd']