CVE-2002-1872 Information

Description

Microsoft SQL Server 6.0 through 2000 with SQL Authentication enabled uses weak password encryption (XOR) which allows remote attackers to sniff and decrypt the password.

Reference

http://online.securityfocus.com/archive/1/298361 http://www.iss.net/security_center/static/10542.php http://www.nextgenss.com/papers/tp-SQL2000.pdf http://www.securityfocus.com/bid/6097