Previous Security Advisories

Flaws Found In MS SQL Server Password Hashes

June 9, 2002

Dave Litchfield at Next Generation Security Software has released an interesting whitepaper, Microsoft SQL Server Passwords: Cracking the password hashes. It analyzes the pwdencrypt() function, which produces a hash of users’ passwords for storage in the system database. The problem is that the salt used to generate the hash is insecurely time dependent, and based […]

Microsoft SQL Worm Hits Thousands of Servers

May 22, 2002

A SQL exploit worm named SQLSnake or DoubleTap has been spotted infecting nearly 7,000 servers since early this week. A hybrid of executable code, JavaScript, and batch files, it takes advantage of an old vulnerability in Microsoft SQL Server 7.0 and only works if there is no password on the administrator account. The worm adds […]
