 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.11322 |
| Category: | Windows |
| Title: | MS SQL Installation may leave passwords on system |
| Summary: | NOSUMMARY |
| Description: | Description: The installation process of the remote MS SQL server left files named 'setup.iss' on the remote host. These files contain the password assigned to the 'sa' account of the remote database. An attacker may use this flaw to gain full administrative access to your database. See http://www.microsoft.com/technet/security/bulletin/ms02-035.mspx Risk factor : High |
| Cross-Ref: |
BugTraq ID: 5203 Common Vulnerability Exposure (CVE) ID: CVE-2002-0643 http://www.securityfocus.com/bid/5203 Bugtraq: 20020711 SQL Server 7 & 2000 Installation process and Service Packs write encoded passwords to a file (Google Search) http://marc.info/?l=bugtraq&m=102640092826731&w=2 CERT/CC vulnerability note: VU#338195 http://www.kb.cert.org/vuls/id/338195 Microsoft Security Bulletin: MS02-035 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-035 http://marc.info/?l=vuln-dev&m=102640394131103&w=2 |
| Copyright | This script is Copyright (C) 2003 Renaud Deraison |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |