VULHUB ™

Microsoft Commerce Server 2002 installs a registry key with weak default permissions when configured to authenticate via SQL Server. Attackers with interactive access to a system hosting the vulnerable software could gain access to sensitive information stored in the registry, including authentication credentials, which could be used to compromise the database. This issue is reported to affect Microsoft Commerce Server 2002. It is not known if Microsoft Commerce Server 2000 is similarly affected.

Microsoft Commerce Server 2002 installs a registry key with weak default permissions when configured to authenticate via SQL Server. Attackers with interactive access to a system hosting the vulnerable software could gain access to sensitive information stored in the registry, including authentication credentials, which could be used to compromise the database. This issue is reported to affect Microsoft Commerce Server 2002. It is not known if Microsoft Commerce Server 2000 is similarly affected.