RE: MS-SQL Blank Password Enumeration
From: O'Malley, William (womalley@freemarkets.com)Date: 05/28/02
- Previous message: Patrick Morris: "Re: About ping request?"
- Maybe in reply to: Don Wolf: "MS-SQL Blank Password Enumeration"
- Next in thread: Chip Andrews: "Re: MS-SQL Blank Password Enumeration"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 28 May 2002 07:16:34 -0400 From: "O'Malley, William" <womalley@freemarkets.com> To: "Don Wolf" <don.wolf@securedsite.org>, "Focus-MS - Security Focus" <focus-ms@securityfocus.com>
eEye has a free tool for doing this.
http://www.eeye.com/html/Research/Tools/sqlworm.html
I've been using that and Nessus to find any open servers.
-----Original Message-----
From: Don Wolf [mailto:securedsite@hotmail.com]
Sent: Monday, May 27, 2002 3:30 PM
To: Focus-MS - Security Focus
Subject: MS-SQL Blank Password Enumeration
Greetings All, a quick question for any MS-SQL folks:
How can I determine which databases have blank passwords on SQL servers
with
multiple databases? I've already determined the servers which contain
blank
passwords, but the tool I am using (sqlbf.c) doesn't display the
individual
database, e.g. Northwind, etc. On one particular server we have 5
databases
and I need to determine which is running blank and what dept. will need
to
fix it. I am asking this question assuming the SA account is not global
and
is configured on each individual database?
Any assistance would be greatly appreciated.
Brian.
- Previous message: Patrick Morris: "Re: About ping request?"
- Maybe in reply to: Don Wolf: "MS-SQL Blank Password Enumeration"
- Next in thread: Chip Andrews: "Re: MS-SQL Blank Password Enumeration"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
