VID | 27093
Severity | 30
Port | 135
Protocol | TCP
Class | WMI
Detailed Description |
SQL Server can be configured in one of two authentication modes: Windows authentication mode, and composite (mixed) mode, which also includes SQL Server authentication. When Windows authentication mode is selected, the installation program creates the SQL Server authentication account (sa) in a deactivated state; the account becomes active when composite mode is used. Because the sa account is well known, it may be a target for attack, so you should deactivate it if it is not needed, or use a strong password if it is. Windows authentication mode uses the Kerberos security protocol and maintains a proper complexity level by applying a strong password policy. It also supports account lockout and password expiration, and SQL Server uses the trusted connection provided by Windows.
* Platforms Affected: Microsoft Windows Any version |
Recommendation |
Activate Windows authentication only.
< SQL Server 2005 >
1. Right-click > Server > Properties > Security > Authentication > Authentication mode > click and activate Windows[W] only
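The same settings can be audited from a query window. The T-SQL below is an added example, not part of the original check; it assumes SQL Server 2005 or later and a login with sysadmin rights, and it locates the built-in account by SID 0x01 because sa can be renamed.

```sql
-- Added audit example (T-SQL); not the scanner's own check logic.
-- 1. Authentication mode: 1 = Windows authentication only, 0 = composite (mixed) mode.
SELECT CASE SERVERPROPERTY('IsIntegratedSecurityOnly')
         WHEN 1 THEN 'Windows authentication only'
         WHEN 0 THEN 'Composite mode (SQL Server + Windows authentication)'
       END AS authentication_mode;

-- 2. State of the built-in sa login. Match on SID 0x01 rather than the name,
--    because the login may have been renamed.
SELECT name,
       is_disabled,
       is_policy_checked,      -- 1 = Windows password policy (complexity, lockout) enforced
       is_expiration_checked,  -- 1 = password expiration enforced
       LOGINPROPERTY(name, 'IsLocked')         AS is_locked,
       LOGINPROPERTY(name, 'BadPasswordCount') AS bad_password_count
FROM sys.sql_logins
WHERE sid = 0x01;

-- 3. Other enabled SQL Server logins that are exempt from password policy
--    or expiration (only relevant while composite mode is active).
SELECT name, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE is_disabled = 0
  AND (is_policy_checked = 0 OR is_expiration_checked = 0);

-- 4. Disable the built-in login if it is still enabled and nothing depends on it.
DECLARE @sa sysname, @sql nvarchar(300);
SELECT @sa = name FROM sys.sql_logins WHERE sid = 0x01 AND is_disabled = 0;
IF @sa IS NOT NULL
BEGIN
    SET @sql = N'ALTER LOGIN ' + QUOTENAME(@sa) + N' DISABLE;';
    EXEC sp_executesql @sql;
END
```

Changing the authentication mode itself takes effect only after the SQL Server service is restarted.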
Related URL | (CVE)
Related URL | (SecurityFocus)
Related URL | (ISS)