Microsoft SQL Weak Password Encryption Vulnerability

If 'Always prompt for login name and password' is not set, and Windows Integrated Security is not being used, Enterprise Manager for SQL Server 7 will save the login ID and password in the registry key HKCU\SOFTWARE\Microsoft\MSSQLServer\SQLEW\Registered Server X. The algorithm used to encrypt the password consists of XORing each character with a two byte value dependant on the character's position in the string.

If 'Always prompt for login name and password' is set, or Windows Integrated Security is used, the ID and password are not saved at all.

Reportedly SQL Server 6.5 stores the password in the same location but in plain text.


Privacy Statement
Copyright 2010, SecurityFocus