|
Family: Windows : Microsoft Bulletins --> Category: infos
MS SQL Installation may leave passwords on system Vulnerability Scan
Vulnerability Scan Summary Reads %windir%\setup.iss
Detailed Explanation for this Vulnerability Test
Synopsis :
It may be possible to get SQL server administrator password.
Description :
The installation process of the remote MS SQL server left
files named 'setup.iss' on the remote host.
These files contain the password assigned to the 'sa' account
of the remote database.
A possible hacker may use this flaw to gain full administrative
access to your database.
Solution :
Microsoft has released a set of patches for SQL Server 7 and 2000 :
http://www.microsoft.com/technet/security/bulletin/ms02-035.mspx
Threat Level:
Medium / CVSS Base Score : 6
(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|