Re: MS-SQL Blank Password Enumeration
From: Chip Andrews (chipandrews@usa.net)Date: 05/28/02
- Previous message: O'Malley, William: "RE: MS-SQL Blank Password Enumeration"
- In reply to: Don Wolf: "MS-SQL Blank Password Enumeration"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Chip Andrews" <chipandrews@usa.net> To: "Don Wolf" <don.wolf@securedsite.org>, "Focus-MS - Security Focus" <focus-ms@securityfocus.com> Date: Mon, 27 May 2002 19:50:14 -0400
Brian,
Databases don't have passwords - logins do. I think what you may be asking
is how do I determine if other "instances" of SQL Server exist on the
machine and do any of those have blank 'sa' passwords. You can use SQLPing
2.2 at http://www.sqlsecurity.com or App Detective at
http://www.appsecinc.com - both apps will detect multiple instances and
check each instance for a blank (or weak) 'sa' account passwords.
Chip
www.sqlsecurity.com
----- Original Message -----
From: "Don Wolf" <securedsite@hotmail.com>
To: "Focus-MS - Security Focus" <focus-ms@securityfocus.com>
Sent: Monday, May 27, 2002 3:30 PM
Subject: MS-SQL Blank Password Enumeration
>
> Greetings All, a quick question for any MS-SQL folks:
>
> How can I determine which databases have blank passwords on SQL servers
with
> multiple databases? I've already determined the servers which contain
blank
> passwords, but the tool I am using (sqlbf.c) doesn't display the
individual
> database, e.g. Northwind, etc. On one particular server we have 5
databases
> and I need to determine which is running blank and what dept. will need to
> fix it. I am asking this question assuming the SA account is not global
and
> is configured on each individual database?
>
> Any assistance would be greatly appreciated.
>
> Brian.
>
- Previous message: O'Malley, William: "RE: MS-SQL Blank Password Enumeration"
- In reply to: Don Wolf: "MS-SQL Blank Password Enumeration"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
