MS02-035: MS SQL Installation may leave passwords on system (263968)
Medium Nessus Plugin ID 11322
SynopsisIt may be possible to get the remote SQL Server's administrator password.
DescriptionThe installation process for the remote MS SQL Server left files named 'setup.iss' on the remote host. These files contain the password assigned to the 'sa' account of the remote database.
An attacker who manages to view these files may be able to leverage this issue to gain full administrative access to the application.
SolutionMicrosoft has released a set of patches for SQL Server 7 and 2000.