diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)


SQL Server vulnerability is a ‘non-issue’, Microsoft

Microsoft is downplaying a SQL Server security flaw that could be exploited by someone with administrative privileges to see users’ unencrypted passwords. The vulnerability was discovered last year by database security vendor Sentrigo when one of their researchers noticed that the unique string of their personal password was visible in memory in SQL Server. “Passwords used to login to SQL Server’re stored in memory in clear text,” explained Sentrigo CTO Slavik Markovich. “These’re not erased until SQL Server is restarted, so (they) may in many cases include passwords going back for weeks or months in production environments. It is a simple matter of dumping memory in byte format, and reviewing the contents looking for usernames, which will be followed by the password.” Despite this, Microsoft contends the vulnerability is much ado about nothing. “Microsoft has thoroughly investigated claims of vulnerabilities in SQL Server and found that these are not product vulnerabilities requiring Microsoft to issue a security update,” a spokesman said.

Share This Story, Choose Your Platform!

Get Latest News

Subscribe to Digital News Hub

Get our daily newsletter about the latest news in the industry.
First Name
Last Name
Email address
Secure and Spam free...