According to Microsoft, when SQL Server 7.0 Service Pack 1 (SP1) or SP2 is installed on a machine configured to perform authentication using Mixed Mode, the password for the SQL Server standard security System Administrator account is recorded in plain text in the file \%TEMP%\sqlsp.log. The file's default permissions let any user that can log on interactively to the server read the file. Microsoft has updated SP2 to help guard against the risk. For more information, go to http://www.ntsecurity.net/go/load.asp?iD=/security/sql7-5.htm
0 comments
Hide comments