May 20, 2010 at 11:51 am
Hello Experts
One of our application team fellows lost the password of one SQL Login. Can you please suggest me if there is any way I can extract or decrypt the password and can percolate the details to him?
Select * from syslogins didn't help..
Thanks.
May 20, 2010 at 11:57 am
You can change the password without knowing the old one, as long as you are a sysadmin (or a security admin and account you're trying to change is not sysadmin)
SQL passwords are run through a one-way hash before being stored in the system tables. It's not a reversible encryption routine that's used.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
May 20, 2010 at 12:02 pm
Thanks Gail. Since I am a DBA, certainly I have Server Admin rights and eventually I'm the 'sysadmin'. However, was looking for a solution other than 'changing the password'.
Is there any other way, I can do it? Pls suggest..
Thanks.
May 20, 2010 at 12:06 pm
Open the application you are afraid to break and look up the source code or odbc connection.
Or if you are afraid to offend someone, change the password and tell them the new one or ask them for a new one b4 changing it (assuming they forgot).
May 20, 2010 at 12:08 pm
So does this mean that, there is no other way that I can retrieve the password being an admin. O.k.!
Thanks.
May 20, 2010 at 12:16 pm
Sourav-657741 (5/20/2010)
So does this mean that, there is no other way that I can retrieve the password being an admin. O.k.!
That's not true. There is a Microsoft published way... research "sp_help_revlogin" - under your own responsibility.
_____________________________________
Pablo (Paul) Berzukov
Author of Understanding Database Administration available at Amazon and other bookstores.
Disclaimer: Advice is provided to the best of my knowledge but no implicit or explicit warranties are provided. Since the advisor explicitly encourages testing any and all suggestions on a test non-production environment advisor should not held liable or responsible for any actions taken based on the given advice.May 20, 2010 at 12:20 pm
Thanks Paul... Lets give it a try at Test Server..
Thanks.
May 20, 2010 at 12:33 pm
PaulB-TheOneAndOnly (5/20/2010)
Sourav-657741 (5/20/2010)
So does this mean that, there is no other way that I can retrieve the password being an admin. O.k.!That's not true. There is a Microsoft published way... research "sp_help_revlogin" - under your own responsibility.
sp_help_revlogin will only create a script that you can use to transfer the login to another server, but it will not give you the password. The password is not stored in any table in SQL Server so there is no place to get it from.
Your only hope would be to try guessing it.
May 20, 2010 at 12:53 pm
PaulB-TheOneAndOnly (5/20/2010)
That's not true. There is a Microsoft published way... research "sp_help_revlogin" - under your own responsibility.
That extracts the hashed password, it doesn't reverse the one-way hash and give you back the original password. The reason you can script logins and their passwords from one server to another is that the create login statement allows for a pre-hashed password, which is what sp_help_revlogin gives it.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply