Microsoft SQL Server < 7 Local Privilege Escalation

This script is Copyright (C) 2003-2013 Tenable Network Security, Inc.

Synopsis :

The remote SQL Server is affected by a local privilege escalation

Description :

Based on its version number, the remote host may be vulnerable to a
local exploit wherein an authenticated user can obtain and crack SQL
usernames and passwords from the registry.

An attacker may use this flaw to elevate their privileges on the local

*** This alert might be a false positive, as Nessus did not actually
*** check for this flaw but relied solely on the presence of Microsoft
*** SQL 7 to issue this alert.

See also :

Solution :

Ensure that the configuration has enabled Always prompting for login
name and password.

Risk factor :

High / CVSS Base Score : 7.2
CVSS Temporal Score : 6.1

Family: Databases

Nessus Plugin ID: 11870 ()

Bugtraq ID: 1055

CVE ID: CVE-2000-0199