[unisog] new virus?

Michael Holstein michael.holstein at csuohio.edu
Thu Feb 24 17:04:20 GMT 2005


> Just for reference, I had an admin who had an mssql server that he swore 
> did not have a blank SA password.  Nessus kept saying he did.  I finally 
> connected remotely via the mssql manager without a password.  Then he 
> believed me; though it took him three tries to successfully get a 
> password on the account.

Also bear in mind that MSDE (desktop edition) installs by default with a 
blank 'sa' password and has all the functionality (worm-wise anyway) as 
the full version of SQL.

Here's the KB on that pesky little problem :

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q322336

~Cheers,

Michael Holstein CISSP GCIA
Cleveland State University



More information about the unisog mailing list