Microsoft SQL Server < 7 Local Privilege Escalation

high Nessus Plugin ID 11870


The remote SQL Server is affected by a local privilege escalation vulnerability.


Based on its version number, the remote host may be vulnerable to a local exploit wherein an authenticated user can obtain and crack SQL usernames and passwords from the registry.

An attacker may use this flaw to elevate their privileges on the local database.

*** This alert might be a false positive, as Nessus did not actually
*** check for this flaw but relied solely on the presence of Microsoft
*** SQL 7 to issue this alert.


Ensure that the configuration has enabled Always prompting for login name and password.

See Also

Plugin Details

Severity: High

ID: 11870

File Name: mssql_lte_7.nasl

Version: 1.23

Type: local

Agent: windows

Family: Databases

Published: 10/8/2003

Updated: 4/11/2022

Supported Sensors: Nessus Agent

Risk Information

CVSS Score Source: CVE-2000-0199


Risk Factor: Medium

Score: 5.9


Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C


Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:sql_server

Required KB Items: mssql/installed

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 3/14/2000

Reference Information

CVE: CVE-2000-0199

BID: 1055