Wednesday, October 10, 2012

How to find the SQLlogins have proper password except blank,samelogin name as password And ‘password’ as password?



--To find the blank password set for any sql logins.
--PWDCOMPARE Hashes a password and compares the hash to the    hash of an existing password.   PWDCOMPARE can be used to search for blank SQL Server login passwords or common weak passwords.

SELECT name FROM sys.sql_logins
WHERE PWDCOMPARE('', password_hash) = 1 ;

--To find the password set as like the same name of sql login name    for any sql logins.

SELECT name FROM sys.sql_logins
WHERE PWDCOMPARE(name, password_hash) = 1 ;

--To find the password set as like 'password' for sql logins

SELECT name FROM sys.sql_logins
WHERE PWDCOMPARE('password', password_hash) = 1 ;

Hope you can search for blank SQL Server login passwords or common weak passwords with above query.

at

1 comment:

Subscribe to: Post Comments (Atom)

MYSQL::Setting Validate_Password componet for MySQL Database to ensure password policy settings

Inadequate Password Settings for MySQL Database We observed that the `validate_password%` settings on hostname `<insert hostname>` a...