SQL Server 7.0 SP1 and SP2 Expose Admin Password

According to Microsoft, when SQL Server 7.0 Service Pack 1 (SP1) or SP2 is installed on a machine configured to perform authentication using Mixed Mode, the password for the SQL Server standard security System Administrator account is recorded in plain text in the file \%TEMP%\sqlsp.log. The file's default permissions let any user that can log on interactively to the server read the file. Microsoft has updated SP2 to help guard against the risk. For more information, go to http://www.ntsecurity.net/go/load.asp?iD=/security/sql7-5.htm

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish