Microsoft SQL Server Enterprise Manager Password Disclosure Vulnerability

Microsoft SQL Server 7.0 Enterprise Manager is vulnerable to a password disclosure vulnerability similar to that described in BugTraq ID 1292. The Registered Servers dialogue can contain a password field with the password "hidden" by asterisks. It is trivial to obtain the otherwise unprotected password; a number of free utilities exist which can accomplish this.


 

Privacy Statement
Copyright 2010, SecurityFocus