SQL Server 2000 Desktop Engine default configuration null password vulnerability

Source: Internet
Author: User
Tags microsoft sql server sql administrator password access

  Involving procedures:

SQL Server Desktop ENGINE,MSDE 1.0

  Description:

Msde/sql Server 2000 Desktop Engine default configuration null password vulnerability

  Detailed:

Microsoft SQL Server Desktop Engine (MSDE) is a product that Microsoft uses to provide database management services.

Microsoft SQL Server Desktop engine is a Microsoft-distributed database SQL SERVER2000 shared data engine.

Microsoft SQL Server Desktop Engine (MSDE) and SQL Server Desktop Engine default configurations have vulnerabilities that can cause remote attackers to access the database with administrator privileges.

Microsoft SQL Server Desktop Engine (MSDE) and SQL Server Desktop Engine default configuration their administrator password is NULL, remote attackers can exploit this vulnerability to access the database with administrator privileges.

There are already worms that exploit Microsoft SQL server and some derivative MSDE and SQL Server Desktop engine's default null password.


  Affected Systems:

Microsoft SQL Server Desktop Engine
Microsoft MSDE 1.0

  Solution:

Microsoft provides the following address reference for security settings for SQL:

* Q322336 how to:verify with the System Administrator Password by Using
Msd

* Q321081 Visio installation of MSDE creates an ' sa ', with a Blank
Password

Interim Solution:

Manually set the strong administrator password

  Attack Method:

No valid attack code



Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.