By Pia Heikkila, 21 May 2002 17:00
NEWS Microsoft's SQL server is wide open to a hack attack if the password is left on its default setting.
Researchers at security company Trend Micro have discovered a "huge number" of connection attempts on port 1433 (MSSQL Port).
According to the company, the connection attempts look like a hack attack. At first, an MSSQL handshake is transferred, which is not unusual. But afterwards, a second packet is sent, and this packet is an attempt to log-in to the SQL server, using the account name "sa" and an empty password.
This is the default authentication set-up for SQL installation.
Trend Micro said in a statement: "Some of our key accounts have confirmed our observation, which led us to publish this security advisory. Some firewall logs at customer sites even show that some of the attacks started 20 May. We have not determined the source of these malicious attacks."
Trend Micro has advised companies to check their firewall configuration to prevent the attack and ensure all the SQL servers have a proper password in place.
Microsoft has also published an advisory, which can be found at:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
In order to post a comment you need to be registered and logged in.
Log in or create your silicon.com account below