AppDetective™ Update 2.5.24 - 01 May 2002
NEW CHECK
Microsoft SQL Server (Audit)
Title: Case-sensitive sort order
Description: Checks for a case-sensitive sort order.
Summary: The sort order on your SQL Server determines the manner in which
your data will be sorted. It is specific to national languages and can be
case-sensitive as well as accent-sensitive. If your sort order is not
case-sensitive, a hacker attempting to brute-force a password does not have
to worry about the case of the passwords being hacked (e.g. 'asi', 'ASI',
'Asi', etc. are all considered the same word). This can significantly
shorten the amount of time it takes to crack a password.
UPDATED CHECKS
Microsoft SQL Server (Overall)
Updated checks and descriptions to take into consideration Service Pack 4
for Microsoft SQL Server version 7.x.
Microsoft SQL Server (Pen Test and Audit)
Title: Temporary stored procedures bypass permissions
Description: Verifies whether the version of Microsoft SQL Server is known to
allow temporary stored procedures to bypass permission checking.
Summary: Temporary stored procedures can be used to execute stored
procedures on which a login does not have EXECUTE permissions. The ability
to create temporary stored procedures cannot be restricted; therefore this
vulnerability can be exploited by any valid SQL Server user.