Weak security is always going to bite you. The first thing any Hacker, Auditor, Penetration Tester or RAS is going to try is passwords that are the same as the user.
So how can we check this? well a handy little script that uses PwdCompare, to checked the hashed password with the user name.
here it is:-
use master
select
cast(@@SERVERNAME as varchar(150)) as SQLInstanceName
,name as [LoginName]
,'Password is same as Login Name' [Description]
from syslogins
WHERE PWDCOMPARE (name,password) = 1
So how can we check this? well a handy little script that uses PwdCompare, to checked the hashed password with the user name.
here it is:-
use master
select
cast(@@SERVERNAME as varchar(150)) as SQLInstanceName
,name as [LoginName]
,'Password is same as Login Name' [Description]
from syslogins
WHERE PWDCOMPARE (name,password) = 1
No comments:
Post a Comment
Your views:-