The Active Network
ActiveMac Anonymous | Create a User | Reviews | News | Forums | Advertise  
 

User Controls

New User

Login

Edit/View My Profile

ActiveMac

Articles

Forums

Links

News

News Search

Reviews

News Centers

Windows/Microsoft

DVD

ActiveHardware

Xbox

MaINTosh

News Search

ANet Chats

The Lobby

Special Events Room

Developer's Lounge

XBox Chat

FAQ's

Windows 98/98 SE

Windows 2000

Windows Me

Windows "Whistler" XP

Windows CE

Internet Explorer 6

Internet Explorer 5

Xbox

DirectX

DVD's

TopTechTips

Registry Tips

Windows 95/98

Windows 2000

Internet Explorer 4

Internet Explorer 5

Windows NT Tips

Program Tips

Easter Eggs

Hardware

DVD

Latest Reviews

Applications

Microsoft Windows XP Professional

Norton SystemWorks 2002

Hardware

Intel Personal Audio Player 3000

Microsoft Wireless IntelliMouse Explorer

Site News/Info

About This Site

Affiliates

ANet Forums

Contact Us

Default Home Page

Link To Us

Links

Member Pages

Site Search

Awards

Credits
©1997/2004, Active Network. All Rights Reserved.
Layout & Design by Designer Dream. Content written by the Active Network team. Please click here for full terms of use and restrictions or read our Privacy Statement.

  *  

  Microsoft Security Bulletin MS02-035: SQL Server Installation Process May Leave Passwords on System (Q263968)
Time: 03:52 EST/08:52 GMT | News Source: Microsoft TechNet Security | Posted By: Matthew Sabean

When installing SQL Server 7.0 (including MSDE 1.0), SQL Server 2000, or a service pack for SQL Server 7.0 or SQL Server 2000, the information provided for the install process is collected and stored in a setup file called setup.iss. The setup.iss file can then be used to automate the installation of additional SQL Server systems. SQL Server 2000 also includes the ability to record an unattended install to the setup.iss file without having to actually perform an installation. The administrator setting up the SQL Server can supply a password to the installation routine under the following circumstances:
- If the SQL Server is being set up in "Mixed Mode", a password for the SQL Server administrator (the "sa" account) must be supplied.
- Whether in Mixed Mode or Windows Authentication Mode, a User ID and password can optionally be supplied for the purpose of starting up SQL Server service accounts.

In either case, the password would be stored in the setup.iss file. Prior to SQL Server 7.0 Service Pack 4, the passwords were stored in clear text. For SQL Server 7.0 Service Pack 4 and SQL Server 2000 Service Packs 1 and 2, the passwords are encrypted and then stored. Additionally, a log file is created during the installation process that shows the results of the installation. The log file would also include any passwords that had been stored in the setup.iss file.
A security vulnerability results because of two factors:
- The files remain on the server after the installation is complete. Except for the setup.iss file created by SQL Server 2000, the files are in directories that can be accessed by anyone who can interactively log on to the system.
- The password information stored in the files is either in clear text (for SQL Server 7.0 prior to Service Pack 4) or encrypted using fairly weak protection. An attacker who recovered the files could subject them to a password cracking attack to learn the passwords, potentially compromising the sa password and/or a domain account password.

Download locations for this patch The KillPwd utility can be obtained at the following location:
Microsoft SQL 7, MSDE 1.0, and Microsoft SQL Server 2000:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=40205

Write Comment
Return to News

  Displaying 701 through 706 of 706
Prev | First 		  The time now is 3:36:22 PM ET.
Any comment problems? E-mail us
#701 By 4240821 (82.115.4.230) at 11/25/2025 1:46:36 AM
https://smutty.su/activf5a4ah4hdh
https://sexonly.su/activah4ghdfa5e
https://nsfw.su/activffhhhhcahf
https://lustful.su/activfe335c3hc1
https://sexonly.su/activdfa14h3e2g
https://sexonly.top/activabbefafgef
https://lustful.su/active4a3c12ahe
https://sexonly.top/activf44dbae415
https://lustful.su/activ34dbeecgf5
https://sluts.su/activ3ec2dfecgd

#702 By 4240821 (82.115.4.230) at 11/25/2025 9:12:54 AM
https://nsfw.su/activ5g2bge4dbb
https://sexonly.su/activage2g5h5b5
https://lustful.su/activgdad25bdf5
https://nsfw.su/activac33aba12a
https://sexonly.top/activ34bbd3ae4c
https://lustful.su/activgg15b1gfeh
https://lustful.su/activch3bb32g2e
https://smutty.su/activ55dbchc4a4
https://nsfw.su/activ53fdggh32f
https://lustful.su/activ1hdb3ca5ag

#703 By 4240821 (82.115.4.230) at 11/25/2025 1:56:37 PM
https://telegra.ph/emily-blunt-drops-jaw-dropping-look-as-new-blockbuster-trailer-teases-epic-twist-11-19
https://telegra.ph/Monster-Hunter-Secret-Lair-Unveiled-Hidden-Realm-of-Epic-Battles-Revealed-11-19
https://telegra.ph/Gambias-Surprising-Economic-Boom-How-a-Small-Nation-is-Outpacing-Its-Neighbors-11-19
https://telegra.ph/Nye-Borgerliges-Bold-New-Strategy-Shaping-Denmarks-Future-with-Unwavering-Resolve-11-19
https://telegra.ph/St-Louis-Blues-Historic-Win-A-Game-Changer-in-the-NHL-Season-11-19
https://telegra.ph/Bachelor-Bombshell-Fiery-Finale-Reveals-Hidden-Truths-and-Sparks-a-Frenzy-11-19
https://telegra.ph/playstation-drops-jaw-dropping-upgrade-that-makes-every-game-feel-brand-new-11-19
https://telegra.ph/ricky-tiedemann-explodes-onto-the-scene-sending-MLB-buzz-into-overdrive-11-19
https://telegra.ph/Filippo-Champagne-Unveils-Luxe-Limited-Edition-Bottles-to-Celebrate-Milestone-11-19
https://telegra.ph/Jacob-Quillans-Breakthrough-Goals-Shaping-the-Future-of-Innovation-11-19

#704 By 4240821 (208.123.185.42) at 11/27/2025 3:49:00 AM
https://lustful.su/activ4gcced35bb
https://sexonly.su/activcbh4f5achd
https://smutty.su/activd5c5ff55h2
https://sluts.su/activh1b55bb55f
https://sluts.su/activb13ege1e1f
https://sexonly.su/activb2da34ed24
https://nsfw.su/activd3ffhh514e
https://smutty.su/activ4bdbc1c3ga
https://sexonly.su/activ21ebh4eaca
https://smutty.su/activ23dabece34

#705 By 4240821 (208.123.185.42) at 11/27/2025 5:07:32 AM
https://sexonly.top/active324452e2h
https://nsfw.su/activch312c4aba
https://lustful.su/activ3edeb51e1c
https://sexonly.su/activ5d35h33ae5
https://nsfw.su/active55f412542
https://lustful.su/activeadhbage24
https://smutty.su/activee2h1433a4
https://smutty.su/activf32c13e3fg
https://lustful.su/activd1g434ac4g
https://sexonly.top/activdfef1adf35

#706 By 4240821 (208.123.185.42) at 11/27/2025 7:38:12 AM
https://telegra.ph/Nail-biting-late-drama-elche-mot-real-madrid-shocks-the-league-and-fans-go-wild-11-24-2
https://telegra.ph/La-Rams-Surprising-Comeback-From-28-0-Down-to-Winning-the-Super-Bowl-11-24
https://telegra.ph/Luis-Tosar-Shatters-Expectations-with-Stunning-New-Role-in-Blockbuster-Drama-11-24
https://telegra.ph/kyren-williams-explodes-for-breakout-performance-electrifying-the-stadium-in-a-historic-night-11-24-2
https://telegra.ph/Ross-Antony-Stuns-Fans-with-Unexpected-Musical-Comeback-Amid-Viral-Social-Media-Buzz-11-24-2
https://telegra.ph/FFK-mot-Viking-The-Unexpected-Turn-That-Shook-the-Sports-World-11-24
https://telegra.ph/emeka-egbuka-Unleashes-Game-Changing-Move-That-Has-the-Industry-Watching-11-24
https://telegra.ph/claire-danes-Stuns-on-Red-Carpet-in-Daring-Neon-Gown-Fans-Cant-Look-Away-11-24-2
https://telegra.ph/Inter-Milans-Shocking-Transfer-Shakes-European-Football-11-24
https://telegra.ph/Stars-beck-fans-into-a-frenzy-with-sizzling-new-album-drop-11-24

Write Comment
Return to News
  Displaying 701 through 706 of 706
Prev | First 		  The time now is 3:36:22 PM ET.
Any comment problems? E-mail us
User name and password:

 

   *  
  *   *