Story by
Boris Veldhuijzen van Zanten
Founder & board member, TNWBoris is a serial entrepreneur who founded not only TNW, but also V3 Redirect Services (sold), HubHop Wireless Internet Provider (sold), and Boris is a serial entrepreneur who founded not only TNW, but also V3 Redirect Services (sold), HubHop Wireless Internet Provider (sold), and pr.co. Boris is very active on Twitter as @Boris and Instagram: @Boris.
Sentrigo, a database security software company, has discovered a flaw in Microsoft SQL Server that allows any user with administrative privileges to read the unencrypted password of all other users. The passwords are exposed when Applications access the server using SQL Server authentication.
You might argue that once a hacker has gained administrative access to your servers you are in deep shit anyway.
But as you might also know most people use the same password everywhere so a hacker gaining access AND getting the passwords of everybody in your company might make matters a lot worse.
Adding insult to injury Microsoft has indicated that they do not intend to address the vulnerability at this time.
The kind people at Sentrigo have therefor released a free software utility to allow users to protect their systems. This after they warned Microsoft and asked for a fix and got a friendly reply information them they weren’t going to do anything.
If you are using mixed authentication mode (“SQL Server & Windows Authentication Mode”) you are vulnerable. SQL Server 2000, 2005, and 2008, running on all supported Windows platforms.
Get the TNW newsletter
Get the most important tech news in your inbox each week.
