[ insider_reports_insider ]
Password Flaw Found In Microsoft SQL Server
Mike Sachoff
Staff Writer
2009-09-02
 Insider Reports RSS Feed
Database security software firm, Sentrigo, announced today that it has detected a vulnerability in Microsoft SQL Server that allows users with administrative privileges to openly see the unencrypted passwords of other users accessing the server using SQL Server authentication.
 | | Password Flaw Found In Microsoft SQL Server |  |
"In the course of ongoing security research into SQL Server databases, one of our researchers noticed that the unique string of their personal password was clearly visible in memory in SQL Server," said Slavik Markovich, CTO of Sentrigo.
"While it is true that exploiting this vulnerability requires administrative access, it is common for multiple users to have this privilege within most IT organizations. Even if that person is entirely trustworthy, they should never be able to see another user's actual password. Furthermore, the risk of a hacker gaining administrative access to a server is always present, and the exposure of additional user passwords could greatly expand the breach to other systems."
Organizations that are using SQL Server 2000, 2005 and 2008, running on all Windows platforms and are using mixed authentication mode are vulnerable to this password exposure.
Sentrigo has released its free Passwordizer tool to secure the Microsoft SQL Server vulnerability and it can be downloaded here.
View All Articles by Mike Sachoff
About the Author:
Mike is a staff writer for WebProNews. Visit WebProNews for the latest ebusiness news.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
