Pwdencrypt() Weakness

By Bill Graziano on 10 July 2002 | Tags: Security

Uberbloke submitted From "The Register" The inner workings of the undocumented pwdencrypt() hash function in Microsoft SQL Server have been revealed in a paper by security researcher David Litchfield of Next Generation Security Software (NGSS). Sort of thing that we ought to know about, I suppose. Thanks! The article is really a scare piece. It's really only a problem if you're already a system administrator on SQL Server. The other issue is if you used pwdencrypt() to secure other data in SQL Server. Turns out it's not quite that secure.

Link: Pwdencrypt() Weakness

Related Articles

Alerts for when Login Failures Strike (14 July 2008)

SQL Server Connection Strings (14 November 2007)

Understanding the Difference between Owners and Schemas in SQL Server (5 October 2007)

Improving Data Security by Using SQL Server 2005 (28 October 2005)

10 Steps to Help Secure SQL Server 2000 (16 September 2003)

MS Security Vulnerability (11 September 2003)

MS Response to the Slammer Worm (26 January 2003)

Building and Configuring More Secure Web Sites (21 December 2002)

Other Recent Forum Posts

Reverting or rollback on an Availability Group upgrade to new nodes (3d)

More efficient qurty (7d)

Error 1204 every 13-15 minutes (7d)

SQL Server 2019 CU vs GDR update which one is correct? (15d)

Need To Generate Shift Rotation Weekwise Rather 7 Day Wise For The Yearmonth 202508 (48d)

Improving update statistics process for 6 big tables (57d)

Peer to Peer Replication is not working between 2 different machines (57d)

SQL HELP in SSMS: The query references an object that is not supported in distributed processing mode (91d)

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources

Articles

Forums

Blogs

Contact Us

About the Site