Linked server & Remote login Password

  • Hi,

    Is there any way to find out the password for the remote login of the Linked server

  • ramana3327 (10/7/2014)


    Hi,

    Is there any way to find out the password for the remote login of the Linked server

    The system table sys.sql_logins contains a column called [password_hash] and sys.sysoledbusers contains a column called [rmtpassword], which should be a hash of the password, but for security reasons SQL Server returns it as NULL.

    http://technet.microsoft.com/en-us/library/ms190496(v=sql.105).aspx

    http://technet.microsoft.com/en-us/library/ms188018(v=sql.105).aspx

    However, using the function pwdcompare() it is possible to perform a "dictionary attack" on the hash to deduce the password. For example:

    declare @PW table (pwtext varchar(180) not null primary key);

    insert into @PW (pwtext)

    values ('password'), ('123456'), ('12345678'), ('1234'), ('qwerty'), ('12345');

    select name, type_desc, create_date, modify_date, password_hash

    from sys.sql_logins l

    join @PW pw on pwdcompare(pw.pwtext, l.password_hash) = 1;

    You actually must be a SYSADMIN level user in the first place to perform the above queries. It's probably more practical to reset the password on the remote account.

    This is why you don't want any database users, except the DBA, to have membership in SYSADMIN role. The ability to query system tables like this presents security issues.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply