COMMAND

    MS-SQL Enterprise Manager

SYSTEMS AFFECTED

    WinNT with MS-SQL Enterprise Manager 6.0 & 6.5

PROBLEM

    Fernando Kohan posted the following. There's a security flaw in the
    Enterprise Manager tool shipped with Microsoft SQL Server versions
    6.0 and 6.5. This flaw consists of the following: When you
    register a new server, you are given the option of using a Trusted
    Connection or Standard Security. In the case of standard
    security, you are asked for a user name and password valid for
    that server (usually sa). Now, the tool caches that password for
    further use. If any user comes across a computer which has the
    Enterprise Manager tool configured in this way, he can simply edit
    the server registration. The password will be shown with asterisks
    (*) in place of the password characters. However, the asterisks
    are merely placeholders for the real characters. This means that
    if you attempt to replace the first asterisks with different
    characters, one at a time, and attempt to modify the registration,
    the modification will succeed when the correct character is
    entered. Repeating this procedure one character at a time will
    reveal the password. It is simply a matter of creating a program
    to do this cycling for us, in order to crack the password in a
    matter of seconds.
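
    Added example, not part of the original post and not Microsoft code:
    a Python model of the behaviour described above beside a hardened
    form, with a regression check for a tester who already knows the
    password. The merge of masked positions with the cached password is
    an assumed mechanism; all class and function names, the alphabet and
    the sample password are constructed for illustration.

```python
import hmac
import string

ALPHABET = string.ascii_letters + string.digits  # constructed 62-symbol alphabet


class FlawedDialog:
    """Assumed model of the flaw: '*' positions are refilled from the cache."""

    def __init__(self, cached):
        self._cached = cached

    def submit(self, field):
        if len(field) != len(self._cached):
            return False
        merged = "".join(c if f == "*" else f for f, c in zip(field, self._cached))
        return merged == self._cached


class HardenedDialog:
    """The cached secret never backs the edit field; it must be retyped whole."""

    def __init__(self, cached):
        self._cached = cached

    def submit(self, field):
        return hmac.compare_digest(field.encode(), self._cached.encode())


def answers_per_character(dialog, known_password):
    """Regression check for a tester who knows the password: True if the dialog
    accepts one typed character plus masks, yet rejects a wrong character."""
    n = len(known_password)
    for i, ch in enumerate(known_password):
        wrong = next(a for a in ALPHABET if a != ch)
        good_probe = "*" * i + ch + "*" * (n - i - 1)
        bad_probe = "*" * i + wrong + "*" * (n - i - 1)
        if dialog.submit(good_probe) and not dialog.submit(bad_probe):
            return True
    return False


def worst_case_guesses(length, per_character):
    """Upper bound on submissions needed to find a password of this length."""
    size = len(ALPHABET)
    return length * size if per_character else size ** length


SAMPLE = "Xk29pQ7a"  # constructed sample password
```

    For an eight-character password over this alphabet the bound falls
    from 62**8 submissions to 496 once the dialog answers per character.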

SOLUTION

    Nothing yet.