A vulnerability was reported in Microsoft's SQL Server software. When Data Transformation Services (DTS) packages are created, database passwords may be disclosed within the package. It is reported that the saved file does not encrypt the passwords that the package will use when executed. As a result, a user who receives a DTS package may obtain the SQL Server database password of the user that created it.

No solution was available from Microsoft at the time of this report. It is suggested that sensitive user accounts not be used to create DTS packages.

Reported by: "Floyd Russell"