What is CVE-2000-1209?

CVE-2000-1209 is a vulnerability in N/a. Published 2002-08-10.

Is CVE-2000-1209 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2000-1209

The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS…

EPSS: 0.884 (99.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

3570 (x_refsource_OSVDB, vdb-entry)
4797 (vdb-entry, x_refsource_BID)
20000710 MSDE / Re: Default Password Database (mailing-list, x_refsource_BUGTRAQ)
VU#635463 (x_refsource_CERT-VN, third-party-advisory)
mssql-no-sapassword(1459) (vdb-entry, x_refsource_XF)
www.microsoft.com/security/security_bulletins/ms02020_sql.asp (x_refsource_CONFIRM)
20000816 Released Patch: Tumbleweed Worldsecure (MMS) BLANK 'sa' account password (mailing-list, x_refsource_BUGTRAQ)
20020522 Opty-Way Enterprise includes MSDE with sa <blank> (mailing-list, x_refsource_BUGTRAQ)
Q313418 (vendor-advisory, x_refsource_MSKB)
20000810 Tumbleweed Worldsecure (MMS) BLANK 'sa' account password (mailing-list, x_refsource_BUGTRAQ)

Frequently asked questions

What is CVE-2000-1209?: CVE-2000-1209 is a vulnerability in N/a. Published 2002-08-10.
Is CVE-2000-1209 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.