Patch posted for Microsoft SQL Server vulnerability

Stop your organisation's passwords being displayed

By Tim Greene | Network World US | Published 11:53, 03 September 09

Also in this channel

Oracle patches 41 security flawsDatabase, E-Business suite and Apps server all at risk >>
Oracle to patch 41 security flawsWill they be applied though? >>
MySQL website falls victim to SQL injection attackHackers steal usernames and passwords from Oracle customer website >>
Five LinkedIn privacy settings you need to know aboutBusiness social network still has its dangers >>
How to identify hot job skills with LinkedInBoost your career prospects with social job searches >>
How to get started with Twitter and LinkedInLink together your social network accounts >>

BlackBerry 10

Check out our latest articles about BlackBerry's new mobile OS BlackBerry 10.

Sentrigo has posted a fix for a Microsoft SQL Server vulnerability that reveals passwords to anyone with administrative privileges. The utility, called Passwordizer, is available here.

The vulnerability affects SQL Server 2000, 2005 and 2008, running on all supported Windows platforms that use mixed-authentication mode (SQL Server and Windows Authentication mode).

The danger lies in the fact that users employ the same password across multiple systems, making it possible for an attacker who gains the SQL Server password to access the other systems or to access personal accounts that use the same passwords, Sentrigo says.

The company's researchers discovered personal passwords unencrypted in SQL Server memory when they accessed the server using administrative privileges. The company says that best practices call for even legitimate administrators never to see actual passwords. Hackers who gain administrative access could find these passwords as well, Sentrigo says.

In addition to passwords, the flaw leaves credentials of applications in the clear. Sentrigo describes the vulnerability as significant.

Sentrigo says it has told Microsoft about the vulnerability.

Slideshows: Best tools for social media analytics

Also in slideshows :

Access Computerworld on your mobile

Get the latest news & updates from Computerworld UK on the move. Find out more

BlackBerry 10

Check out our latest articles about BlackBerry's new mobile OS BlackBerry 10.

Virtualising the heart of your business

Explore ways to meet the requirements of today's cloud computing and Big Data challenges.

Cloud storage

Check out our latest articles about cloud storage on Computerworld UK.

How to post to Google+ by email

Send your updates to the Google network with the magic of automation

Exposed: SAP’s heavy handed tactics against Spinnaker at SAPPHIRE

The revelations come shortly after SAP’s CEO said he wasn’t concerned with the rise of third party suppliers

Microsoft Project 2013 - What new business application delivers

Project 2013 is an improved tool for planning, collaboration and communication for project managers and team members

IT's new concern: The personal cloud

How to Block Google Ads in Gmail

Don't like Google Ads? Here's how to adjust your settings and block advertisers

Airbus deploys big data platform to build A350 XWB just right

Airbus will use the Spotfire Analytics platform from TIBCO

Microsoft Excel and Word 2013 best add-ons

We look at some of the most useful Office 'apps' available for Excel and Word 2013

10 mobile business intelligence apps for on-the-go analysis

Mobile business applications will keep your employees connected to the real-time data that helps them make key business decisions. These 10 apps are more than just colourful charts and graphs

U.S. gets flood of H-1B petitions on first day

Sky customers furious after troubled email migration from Gmail to Yahoo!

Universal Credit in the spotlight again as pilot timetable changes

Blogs

IT and marketing: Separate agency hype from reality

Evaluate service providers' technical competenciesread more »

Why is effortless customer service so hard to deliver?

It's partly an ownership issueread more »

Do you know what your customers need?

Communication channel preferences for customer service are rapidly changingread more »

Refactoring the product owner

It's not easy to eliminate the confussion caused by multiple stakeholdersread more »

more blogs ..

Cloudian connects with Citrix for easier cloud rollouts

Cloud Computing >>

French police end missing persons searches, suggest using Facebook instead

IT Business >>

Google engineer bashes Microsoft's handling of security researchers, discloses Windows zero-day

Applications >>

HP profit falls 32 percent as PC and server sales decline

Infrastructure >>

Blue Coat Systems to acquire security analytics firm Solera Networks

Security >>

Google to boost speed, cut data use on mobile devices

Operating Systems >>

Slideshows
White Papers
Videos
Newsletters

Login

Please login to ComputerworldUK.com

Forgot password?

Not a member yet?

Register for a Computerworld UK Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.
Register

Patch posted for Microsoft SQL Server vulnerability

Stop your organisation's passwords being displayed

Slideshows: Best tools for social media analytics

Access Computerworld on your mobile

BlackBerry 10

Virtualising the heart of your business

Cloud storage

Most Popular in Applications

How to post to Google+ by email

Exposed: SAP’s heavy handed tactics against Spinnaker at SAPPHIRE

Microsoft Project 2013 - What new business application delivers

IT's new concern: The personal cloud

How to Block Google Ads in Gmail

Airbus deploys big data platform to build A350 XWB just right

Microsoft Excel and Word 2013 best add-ons

10 mobile business intelligence apps for on-the-go analysis

Editor's Pick

U.S. gets flood of H-1B petitions on first day

Sky customers furious after troubled email migration from Gmail to Yahoo!

Universal Credit in the spotlight again as pilot timetable changes

Blogs

IT and marketing: Separate agency hype from reality

Why is effortless customer service so hard to deliver?

Do you know what your customers need?

Refactoring the product owner

Cloudian connects with Citrix for easier cloud rollouts

French police end missing persons searches, suggest using Facebook instead

Google engineer bashes Microsoft's handling of security researchers, discloses Windows zero-day

HP profit falls 32 percent as PC and server sales decline

Blue Coat Systems to acquire security analytics firm Solera Networks

Google to boost speed, cut data use on mobile devices

Login

Not a member yet?

Sponsored Links »

Popular Topics »