Microsoft SQL Weak Password Encryption Vulnerability

Microsoft suggests using Windows Integrated Security. In this mode, SQL user access is tied to Windows user accounts, and no seperate IDs are created. In addition, selecting the option 'Always prompt for login name and password' will prevent passwords from being written to the registry.


Privacy Statement
Copyright 2010, SecurityFocus