[23111] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

MS SQL 7.0 DTS saved packages contain plain text passwords

daemon@ATHENA.MIT.EDU (Floyd Russell)
Mon Nov 12 16:39:54 2001

From: "Floyd Russell" <floyd@neospire.net>
To: <bugtraq@securityfocus.com>
Date: Mon, 12 Nov 2001 12:18:10 -0600
Message-ID: <PBECJIHIEGDLNFICLDMAEEOFCOAA.floyd@neospire.net>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

When creating a Data Transformation Service (DTS) Package be carefull. The
saved
file does not encrypt the passwords that the package will use when executed.
If a
client could convice an admin to create an example DTS package for
troubleshooting
then the client would have the admin's SQL password. Of course no admin
would ever
use a high level account for that sort of thing. :)

Floyd Russell


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[23111] in bugtraq

MS SQL 7.0 DTS saved packages contain plain text passwords

daemon@ATHENA.MIT.EDU (Floyd Russell)Mon Nov 12 16:39:54 2001

daemon@ATHENA.MIT.EDU (Floyd Russell)
Mon Nov 12 16:39:54 2001