Family: Databases --> Category: infos
Microsoft's SQL version less than or equal to 7 Vulnerability Scan
Vulnerability Scan Summary
Microsoft SQL less than or equal to 7 may be misconfigured
Detailed Explanation for this Vulnerability Test
Based on version number, the remote host may be vulnerable to a local exploit
wherein authenticated user can obtain and crack SQL username and password
from the registry
A possible hacker may use this flaw to elevate their rights on the local database.
*** This alert might be a false positive, as Nessus did not actually
*** check for this flaw but solely relied on the existence of MS SQL 7 to
*** issue this alert
Solution: Ensure that the configuration has enabled Always prompting for
login name and password
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.