
SQL Server Cached Credentials Vulnerability

by platon on June 18th, 2001

A vulnerability in Microsoft SQL Server 2000 and SQL Server 7.0 lets an attacker execute SQL queries in the security context of the system administrator (sa) account.


When a user terminates a client connection to a SQL Server, the connection remains cached for a period of time for performance reasons.


One SQL query method is affected by this caching behavior: an attacker can use it to reuse a cached connection that once belonged to the sa account.


An attacker can then take actions on the database (e.g., running code), and under the right conditions, assume full control of the server.



