Bugtraq mailing list archives
Re: Steal Passwords Using SQL Server EM
From: Russ.Cooper () RC ON CA (Russ)
Date: Tue, 30 May 2000 09:36:34 -0400
Justin Gunther said;
If you have access to a SQL Server database, as a normal user, you have the ability to view others passwords who have created a DTS package.
Well, it could be argued that the Administrators of the SQL Server in question have left it open. They could have setup the SQL Server to use NT authentication only, thus preventing the display of userID and password (in asterisks) in any components, including DTS packages authored by their users. Of course this can present legacy issues and is likely why they opted not to restrict it (despite it being strongly recommended by MS.) Cheers, Russ - NTBugtraq Editor
Current thread:
- Steal Passwords Using SQL Server EM Justin Gunther (May 25)
- <Possible follow-ups>
- Re: Steal Passwords Using SQL Server EM Russ (May 30)
- Fw: Steal Passwords Using SQL Server EM Martin Drury (May 30)