Bugtraq mailing list archives
Re: MS-SQL 'sa' user exploit code
From: Neil Pike <NeilPike () COMPUSERVE COM>
Date: Wed, 16 Aug 2000 03:39:49 -0400
This is "fixed" in SQL 2000, where the default is NT integrated security and you have to manually override this and confirm you want a "standard" login, and confirm again if you want it to have a blank password... But anyone who leaves the default in SQL 7 or below deserves all they get!
It has come to light that it is now common knowledge that MS-SQL has a
blank
'sa' password by default. This seems to affect a _lot_ of servers on the internet.
Neil Pike MVP/MCSE Protech Computing Ltd
Current thread:
- MS-SQL 'sa' user exploit code herbless (Aug 15)
- <Possible follow-ups>
- Re: MS-SQL 'sa' user exploit code Neil Pike (Aug 17)
- Re: MS-SQL 'sa' user exploit code Microsoft Security Response Center (Aug 18)
- Re: MS-SQL 'sa' user exploit code Jon Keeter (Aug 21)
- Re: MS-SQL 'sa' user exploit code Domas Mituzas (Aug 23)