Wednesday, October 10, 2012

How to find the SQLlogins have proper password except blank,samelogin name as password And ‘password’ as password?



--To find the blank password set for any sql logins.
--PWDCOMPARE Hashes a password and compares the hash to the    hash of an existing password.   PWDCOMPARE can be used to search for blank SQL Server login passwords or common weak passwords.

SELECT name FROM sys.sql_logins
WHERE PWDCOMPARE('', password_hash) = 1 ;

--To find the password set as like the same name of sql login name    for any sql logins.

SELECT name FROM sys.sql_logins
WHERE PWDCOMPARE(name, password_hash) = 1 ;

--To find the password set as like 'password' for sql logins

SELECT name FROM sys.sql_logins
WHERE PWDCOMPARE('password', password_hash) = 1 ;

Hope you can search for blank SQL Server login passwords or common weak passwords with above query.

1 comment:

MYSQL:::Seamless Data Archiving: Exporting, Importing, and Pruning MySQL Tables

  Seamless Data Archiving: Exporting, Importing, and Pruning MySQL Tables Introduction: In the dynamic landscape of database management...