Subject: Re: MS-SQL 'sa' user exploit code
From: Neil Pike (NeilPike COMPUSERVE.COM)
Date: Wed Aug 16 2000 - 02:39:49 CDT
- Maybe in reply to: herbless HUSHMAIL.COM: "MS-SQL 'sa' user exploit code"
- Next in thread: Microsoft Security Response Center: "Re: MS-SQL 'sa' user exploit code"
- Maybe reply: Neil Pike: "Re: MS-SQL 'sa' user exploit code"
This is "fixed" in SQL 2000, where the default is NT integrated security
and you have to manually override this and confirm you want a "standard"
login, and confirm again if you want it to have a blank password...
But anyone who leaves the default in SQL 7 or below deserves all they get!
> It has come to light that it is now common knowledge that MS-SQL has a blank
> 'sa' password by default. This seems to affect a _lot_ of servers on the
> internet.
Neil Pike MVP/MCSE
Protech Computing Ltd
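
An added audit example, not part of the original message: one way to check a server for the condition discussed in this thread (mixed-mode authentication with a blank 'sa' password). It assumes a current SQL Server release (2005 or later, where the `sys.sql_logins` catalog view exists) and a sysadmin session so that password hashes are visible; the SQL 7 and SQL 2000 releases the message refers to use different system tables.

```sql
-- Added audit example; assumes SQL Server 2005+ and a sysadmin session.

-- 1. Authentication mode: 1 = Windows (NT integrated) only, 0 = mixed mode.
SELECT CASE SERVERPROPERTY('IsIntegratedSecurityOnly')
           WHEN 1 THEN 'Windows authentication only'
           ELSE 'Mixed mode: standard logins such as sa can authenticate'
       END AS auth_mode;

-- 2. Standard (SQL) logins whose password is blank or equal to the login name.
--    PWDCOMPARE hashes the candidate and compares it with the stored hash.
SELECT name,
       is_disabled,
       is_policy_checked,
       CASE WHEN PWDCOMPARE('', password_hash) = 1 THEN 'blank password'
            ELSE 'password equals login name'
       END AS finding
FROM sys.sql_logins
WHERE PWDCOMPARE('', password_hash) = 1
   OR PWDCOMPARE(name, password_hash) = 1;

-- 3. State of the built-in sa account, matched by SID so a rename does not hide it.
SELECT name,
       is_disabled,
       is_policy_checked,
       is_expiration_checked,
       modify_date
FROM sys.sql_logins
WHERE sid = 0x01;
```

Any row returned by the second query on a mixed-mode server is a login that authenticates with no effective password.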