CVE-2000-0402
LowExploitation Probability (EPSS)
Very high risk100th percentile — higher than 100% of all known CVEs
Summary
The vulnerability in Microsoft SQL Server 7.0 allows the Mixed Mode authentication mechanism to store the System Administrator (sa) account password in plaintext in a log file, which is accessible to any user.
Risk Assessment
This threat enables unauthorized users to gain access to the administrator account, potentially leading to serious security breaches and data loss.
Recommendation
It is recommended to upgrade to a newer version of SQL Server and restrict access to log files to minimize the risk of password leakage.
Original NVD description (English source)
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability.

