Microsoft SQL Server 6.5 stores the SQLExecutiveCmdExec in registry using weak encryption algorithm
| mssql-sqlexecutivecmdexec-password (7354) |  Medium Risk |
Description:
Microsoft SQL Server stores the SQLExecutiveCmdExec account password in the system registry using a weak encryption algorithm. The REG_BINARY value for CmdExecAccount stored in the HKLM\SOFTWARE\Microsoft\MSSqlServer\SQLExecutive registry key is the password for the SQLExecutiveCmdExec account, which is encrypted using the PKZip encryption algorithm and a fixed key. A local attacker could obtain this password value and easily decrypt it to gain unauthorized access to the SQLExecutiveCmdExec account, which has very limited database privileges.
Platforms Affected:
- Microsoft, SQL Server 6.5
Remedy:
No remedy available as of November 22, 2008.
Consequences:
Gain Access
References:
- NTBugTraq Mailing List, Mon, 29 Jun 1998 22:00:43 -0400, MS SQL Server 6.5 stores password in unprotected registry keys at http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9806&L=ntbugtraq&F=P&S=&P=10211.
- BID-109: NT SQL Server Password Vulnerability
- CVE-1999-1556: Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.
Reported:
Jun 29, 1998
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net