Vulnerability Report

CVE-2000-1209

Title: SQL Server/MSDE default 'sa' account with null password

Authentication bypass

Proof Of Concept

PoC Available for CVE-2000-1209

CWE Category NVD-CWE-noinfo

Published Date Aug 12, 2002

Modified Date Apr 03, 2025

Exploit Status Available

Score 10.0 CVSS v2.0

Exploit Probability (EPSS)

88.44%

Vulnerability Summary

CVE-2000-1209: The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.

Impacted Vendors

microsoft 2

compaq 2

Reference Links

http://marc.info/?l=bugtraq&m=96333895000350&w=2 http://marc.info/?l=bugtraq&m=96593218804850&w=2 http://marc.info/?l=bugtraq&m=96644570412692&w=2 http://online.securityfocus.com/archive/1/273639 http://security-archive.merton.ox.ac.uk/bugtraq-200008/0233.html http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ313418 http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq321081 http://www.iss.net/security_center/static/1459.php http://www.kb.cert.org/vuls/id/635463 http://www.microsoft.com/security/security_bulletins/ms02020_sql.asp http://www.osvdb.org/3570 http://www.securityfocus.com/bid/4797 http://marc.info/?l=bugtraq&m=96333895000350&w=2 http://marc.info/?l=bugtraq&m=96593218804850&w=2 http://marc.info/?l=bugtraq&m=96644570412692&w=2 http://online.securityfocus.com/archive/1/273639 http://security-archive.merton.ox.ac.uk/bugtraq-200008/0233.html http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ313418 http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq321081 http://www.iss.net/security_center/static/1459.php http://www.kb.cert.org/vuls/id/635463 http://www.microsoft.com/security/security_bulletins/ms02020_sql.asp http://www.osvdb.org/3570 http://www.securityfocus.com/bid/4797

CVSS v2.0

Source Entity [email protected]

Severity HIGH

10.0

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:L/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2000-1209 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/16395

View Code

Exploit-DB https://www.exploit-db.com/exploits/16394

View Code

April 03, 2025 MODIFIED

Vulnerability data or affected products updated.

August 12, 2002 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.