Microsoft SQL Server 7.0 System Administrator Password Disclosure Vulnerability

During the installation routine of SQL Server 7.0 Service Pack 1, 2 and 3, two files are created in the %TEMP% directory named 'sqlsp.log' and 'setup.iss' which store the System Administrator (sa) password in plaintext. Any user who is logged on locally to the machine running SQL Server 7.0 can access this file.

The System Administrator (sa) password is recorded in plaintext in 'sqlsp.log' and 'setup.iss' only under the conditions that SQL Server 7.0 Service Pack 1, 2 or 3 has been installed and both Mixed Mode user authentication and SQL Server Authentication is being implemented.


Privacy Statement
Copyright 2010, SecurityFocus