12 June,2013 by Tom Collins
How can I find weak passwords in SQL Server logins?
Identifying weak passwords is an important part of Security Risk Analysis. Setting up a procedure to check for weak passwords should be part of the DBA daily healthcheck. It is straightforward to check for a weak password using a SELECT statement and the PWDCOMPARE function.
The PWDCOMPARE function accepts 2 arguments – the first is the text password and the varbin value of the SQL password hash
--find SQL login with blank passwords select name,type_desc,create_date from sys.sql_logins where pwdcompare('', password_hash) = 1 --find SQL login with password same as name select name,type_desc,create_date from sys.sql_logins where pwdcompare(name, password_hash) = 1
Powershell sql server security audit - SQL Server DBA
How to create a SQL Server Security Audit - SQL Server DBA
Database Server Security Audit Process - SQL Server DBA
Find who made a database security change - SQL Server DBA
This is only a preview. Your comment has not yet been posted.
As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.
Having trouble reading this image? View an alternate.
Posted by: |