Búsqueda de    
Vulnerabilidad   
    Buscar 191973 Descripciones CVE y
86218 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.10673
Categoría:Default Accounts
Título:Microsoft's SQL Blank Password
Resumen:The remote MS SQL server has the default 'sa' account; enabled without any password.
Descripción:Summary:
The remote MS SQL server has the default 'sa' account
enabled without any password.

Vulnerability Impact:
An attacker may use this flaw to execute commands against
the remote host, as well as read your database content.

Solution:
Disable this account, or set a password to it. In addition
to this, it is suggested you filter incoming tcp traffic to this port.

For MSDE (OEM versions without MSQL console) :

C:\MSSQL7\BINN\osql -U sa

At the Password: prompt press .

Type the following replacing .password. with the password you wish to
assign, in single quotes:

EXEC sp_password NULL, .password., .sa.

go

exit

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: BugTraq ID: 1281
BugTraq ID: 4797
Common Vulnerability Exposure (CVE) ID: CVE-2000-1209
http://www.securityfocus.com/bid/4797
Bugtraq: 20000710 MSDE / Re: Default Password Database (Google Search)
http://marc.info/?l=bugtraq&m=96333895000350&w=2
Bugtraq: 20000810 Tumbleweed Worldsecure (MMS) BLANK 'sa' account password (Google Search)
http://marc.info/?l=bugtraq&m=96593218804850&w=2
Bugtraq: 20000815 MS-SQL 'sa' user exploit code (Google Search)
http://security-archive.merton.ox.ac.uk/bugtraq-200008/0233.html
Bugtraq: 20000816 Released Patch: Tumbleweed Worldsecure (MMS) BLANK 'sa' account password (Google Search)
http://marc.info/?l=bugtraq&m=96644570412692&w=2
Bugtraq: 20020522 Opty-Way Enterprise includes MSDE with sa <blank> (Google Search)
http://online.securityfocus.com/archive/1/273639
CERT/CC vulnerability note: VU#635463
http://www.kb.cert.org/vuls/id/635463
COMPAQ Service Security Patch: SSRT2195
ISS Security Advisory: 20020521 Microsoft SQL Spida Worm Propagation
Microsoft Knowledge Base article: Q313418
http://support.microsoft.com/default.aspx?scid=kb;[LN];Q313418
Microsoft Knowledge Base article: Q321081
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q321081
http://www.osvdb.org/3570
http://www.iss.net/security_center/static/1459.php
CopyrightCopyright (C) 2001 H D Moore

Esta es sólo una de 86218 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2020 E-Soft Inc. Todos los derechos reservados.