This article was published on September 3, 2009

Microsoft SQL Server exposes passwords. Microsoft doesn’t care.



Sentrigo, a database security software company, has discovered a flaw in Microsoft SQL Server that allows any user with administrative privileges to read the unencrypted passwords of all other users. The passwords are exposed when applications access the server using SQL Server authentication.

You might argue that once a hacker has gained administrative access to your servers, you are in deep shit anyway.

But as you might also know, most people use the same password everywhere, so a hacker gaining access AND getting the passwords of everybody in your company might make matters a lot worse.

Adding insult to injury, Microsoft has indicated that they do not intend to address the vulnerability at this time.


The kind people at Sentrigo have therefore released a free software utility to allow users to protect their systems. This came after they warned Microsoft, asked for a fix, and got a friendly reply informing them that Microsoft wasn’t going to do anything.

If you are using mixed authentication mode (“SQL Server & Windows Authentication Mode”), you are vulnerable. The flaw affects SQL Server 2000, 2005, and 2008 running on all supported Windows platforms.
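To check whether an instance is in the affected configuration and who is exposed, the T-SQL below is an added example, not code from the article or from Sentrigo. It assumes SQL Server 2005 or later (the catalog views it queries do not exist on SQL Server 2000) and a login permitted to view server-level metadata.

```sql
-- Added example: exposure audit for the configuration the article describes.
-- Assumes SQL Server 2005 or later.

-- 1. Authentication mode. IsIntegratedSecurityOnly = 1 means Windows
--    Authentication only; 0 means mixed mode, the setting the article
--    names as vulnerable.
SELECT CASE CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int)
           WHEN 1 THEN 'Windows Authentication only'
           ELSE 'Mixed mode (SQL Server and Windows Authentication)'
       END AS authentication_mode;

-- 2. Enabled SQL Server authentication logins: the accounts whose
--    passwords are at stake when applications connect with them.
SELECT name,
       create_date,
       modify_date,           -- last modification of the login
       is_policy_checked,     -- 1 = Windows password policy enforced
       is_expiration_checked  -- 1 = password expiration enforced
FROM sys.sql_logins
WHERE is_disabled = 0
ORDER BY name;

-- 3. Members of the sysadmin fixed server role: the principals holding
--    the administrative privileges the article says are required to
--    read other users' passwords.
SELECT m.name      AS member_name,
       m.type_desc AS member_type,
       m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin'
ORDER BY m.name;
```

If the first query reports mixed mode, the second result set is the list of logins to move to Windows authentication or to give passwords that are not reused anywhere else, and the third is the set of accounts to keep as small as possible.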
