Microsoft SQL Server Enterprise Manager Password Disclosure Vulnerability

2000-07-11T00:00:00
ID SMNTC-1466
Type symantec
Reporter Symantec Security Response
Modified 2000-07-11T00:00:00

Description

Description

Microsoft SQL Server 7.0 Enterprise Manager is vulnerable to a password disclosure vulnerability similar to that described in BugTraq ID 1292. The Registered Servers dialogue can contain a password field with the password "hidden" by asterisks. It is trivial to obtain the otherwise unprotected password; a number of free utilities exist which can accomplish this.

Technologies Affected

  • Microsoft SQL Server 7.0