October 7, 2014 at 7:39 am
Hi,
Is there any way to find out the password for the remote login of the Linked server
October 7, 2014 at 8:17 am
ramana3327 (10/7/2014)
Hi,Is there any way to find out the password for the remote login of the Linked server
The system table sys.sql_logins contains a column called [password_hash] and sys.sysoledbusers contains a column called [rmtpassword], which should be a hash of the password, but for security reasons SQL Server returns it as NULL.
http://technet.microsoft.com/en-us/library/ms190496(v=sql.105).aspx
http://technet.microsoft.com/en-us/library/ms188018(v=sql.105).aspx
However, using the function pwdcompare() it is possible to perform a "dictionary attack" on the hash to deduce the password. For example:
declare @PW table (pwtext varchar(180) not null primary key);
insert into @PW (pwtext)
values ('password'), ('123456'), ('12345678'), ('1234'), ('qwerty'), ('12345');
select name, type_desc, create_date, modify_date, password_hash
from sys.sql_logins l
join @PW pw on pwdcompare(pw.pwtext, l.password_hash) = 1;
You actually must be a SYSADMIN level user in the first place to perform the above queries. It's probably more practical to reset the password on the remote account.
This is why you don't want any database users, except the DBA, to have membership in SYSADMIN role. The ability to query system tables like this presents security issues.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply