Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
Threat-Mapped Scoring
Score: 3.0
Priority: P2 - Serious (High)
S1 – Steal Customer Account Information
EPSS
Score: 0.01584Percentile:
0.80802
CVSS Scoring
CVSS v3.1 Score: 7.5
Severity: HIGH
Mapped CWE(s)
CWE-326
: Inadequate Encryption Strength
All CAPEC(s)
CAPEC-112 : Brute Force
CAPEC-192 : Protocol Analysis
CAPEC-20 : Encryption Brute Forcing
CAPEC(s) with Mapped TTPs
CAPEC-112 : Brute Force
Mapped TTPs:
Mapped ATT&CK TTPs
T1110
: Brute Force
Kill Chain: credential-access
Malware
APTs Threat Group Associations
Campaigns
2016 Ukraine Electric Power Attack Operation Dream Job
Affected Products
cpe:2.3:a:microsoft:sql_server:6.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:6.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:7.0:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:7.0:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:7.0:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me