← CVECheck
HomeVulnerabilities

CVE-2002-0643 — MEDIUM severity vulnerability (The installation of Microsoft Data Engine 1.0 (MSDE 1.0), an)

The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation

CVE IDCVE-2002-0643
SeverityMEDIUM
CVSS score4.6
CVSS vectorAV:L/AC:L/Au:N/C:P/I:P/A:P
CWENVD-CWE-Other
StatusModified
Published2002-07-23
Last modified2026-04-16
DescriptionThe installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →