Test ID: | 1.3.6.1.4.1.25623.1.0.10673 |
Category: | Default Accounts |
Title: | Microsoft SQL (MSSQL) Server Blank Password (TCP/IP Listener) |
Summary: | The remote Microsoft SQL (MSSQL) Server has the default 'sa' account enabled without any password defined. |
Description: |
Summary: The remote Microsoft SQL (MSSQL) Server has the default 'sa' account enabled without any password defined.

Vulnerability Impact: An attacker can use these accounts to read and/or modify data on the Microsoft SQL Server. In addition, the attacker may be able to launch programs on the target operating system.

Solution: Disable this account, or set a password for it. In addition, it is suggested that you filter incoming TCP traffic to this port.

For MSDE (OEM versions without MSQL console):

    C:\MSSQL7\BINN\osql -U sa

At the Password: prompt, press Enter. Type the following, replacing 'password' with the password you wish to assign, in single quotes:

    EXEC sp_password NULL, 'password', 'sa'
    go
    exit

CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2000-1209
BugTraq ID: 4797
http://www.securityfocus.com/bid/4797
Bugtraq: 20000710 MSDE / Re: Default Password Database
http://marc.info/?l=bugtraq&m=96333895000350&w=2
Bugtraq: 20000810 Tumbleweed Worldsecure (MMS) BLANK 'sa' account password
http://marc.info/?l=bugtraq&m=96593218804850&w=2
Bugtraq: 20000815 MS-SQL 'sa' user exploit code
http://security-archive.merton.ox.ac.uk/bugtraq-200008/0233.html
Bugtraq: 20000816 Released Patch: Tumbleweed Worldsecure (MMS) BLANK 'sa' account password
http://marc.info/?l=bugtraq&m=96644570412692&w=2
Bugtraq: 20020522 Opty-Way Enterprise includes MSDE with sa <blank>
http://online.securityfocus.com/archive/1/273639
CERT/CC vulnerability note: VU#635463
http://www.kb.cert.org/vuls/id/635463
COMPAQ Service Security Patch: SSRT2195
ISS Security Advisory: 20020521 Microsoft SQL Spida Worm Propagation
Microsoft Knowledge Base article: Q313418
http://support.microsoft.com/default.aspx?scid=kb;[LN];Q313418
Microsoft Knowledge Base article: Q321081
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q321081
http://www.osvdb.org/3570
http://www.iss.net/security_center/static/1459.php |
Copyright | Copyright (C) 2001 HD Moore |