[16361] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: MS-SQL 'sa' user exploit code

daemon@ATHENA.MIT.EDU (Domas Mituzas)
Wed Aug 23 11:43:05 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.BSF.4.21.0008231328140.6354-100000@space.dammit.lt>
Date:         Wed, 23 Aug 2000 13:33:47 +0200
Reply-To: Domas Mituzas <midom@SPACE.DAMMIT.LT>
From: Domas Mituzas <midom@SPACE.DAMMIT.LT>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <20000820155453.20191.qmail@web4602.mail.yahoo.com>

MS-SQL 'sa' was inherited from Sybase Adaptive Server Enterprise, that
has the same default login with NULL password. Moreover, other database
products have same problems. As Sybase Adaptive Server Anywhere is now
also reachable via TDS on IP, you may use the default DBA account with
password 'sql'. But every documentation shows how to change password after
the install.

With respect,
Domas Mituzas
Duomenu bazes ir technologijos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[16361] in bugtraq

Re: MS-SQL 'sa' user exploit code

daemon@ATHENA.MIT.EDU (Domas Mituzas)Wed Aug 23 11:43:05 2000

daemon@ATHENA.MIT.EDU (Domas Mituzas)
Wed Aug 23 11:43:05 2000