Subject: Re: Tumbleweed Worldsecure (MMS) BLANK 'sa' account password vulnerability
From: Russ (Russ.Cooper@RC.ON.CA)
Date: Tue Aug 15 2000 - 19:40:44 CDT
- Next message: Iván Arce: "BEA Weblogic server proxy library vulnerabilities"
- Previous message: blackhat@DATAPROTECT.COM: "A Stateful Inspection of FireWall-1"
- Next in thread: Nick FitzGerald: "Re: Tumbleweed Worldsecure (MMS) BLANK 'sa' account passwordvuln"
- Reply: Nick FitzGerald: "Re: Tumbleweed Worldsecure (MMS) BLANK 'sa' account passwordvuln"
The part that confuses me about this Tumbleweed vulnerability, and the part
I asked "__nt__@ANONYMOUS.TO" (who originally posted this message) and never
got answered, was that SQL 7.0 by default assumes you will be using NTLM for
SQL Authentication. As such, no SA account is to be used. When configured
like this the client performs the normal c/r with the SQL box and, if
authenticated, is allowed access.
Does the stripped down version of SQL 7.0 that Tumbleweed implemented use
the same authentication basis? Was the installation performed by
"__nt__@ANONYMOUS.TO" botched by telling it to use normal SA authentication
instead?
Cheers,
Russ - NTBugtraq Editor