OSVDB ID: 15757

Title: Microsoft SQL Server sa Account Default Null Password

Dates

Disclosure: Jul 10, 2000
Discovery: Unknown
Exploit: Jul 10, 2000
Solution: Unknown

Description

By default, Microsoft SQL Server installs the 'sa' account with a null password, which is publicly known and documented. This allows remote attackers to trivially access the program or system.

Classification

Location: Remote/Network Access Required
Attack Type: Authentication Management
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: secure the 'sa' account with a password.

Products

Tumbleweed Communications Corp.
  Messaging Management System: 4.5, 4.4, 4.3

Hewlett-Packard Development Company, L.P.
  Compaq Insight Manager: XE 1.x, 7 All Versions

Microsoft Corporation
  Visio: 2000 Enterprise Edition, 2000 Enterprise Edition SR-1
  SQL Server: 2000 Standard Edition, 7.0 Standard Edition
  MSDE: 1.0

References

Credit: Unknown or Incomplete

Direct URL: http://osvdb.org/36218