Solved

SQL Server authentication hashes

Posted on 2013-06-26
8
308 Views
Last Modified: 2013-07-15
I've been tasked with seeing which MSSQL Database accounts can query the table that stores the encrypted password hashes for SQL authentication accounts across MSSQL 2000, 2005 and 2008 instances? Please can you provide the exact table these hashes are stored in, I beleive it isnt the same for all versions of MSSQL?
0
Comment
Question by:pma111
  • 6
  • 2
8 Comments
 
LVL 16

Expert Comment

by:EvilPostIt
Comment Utility
In SQL Server 2005 & 2008 its the sys.sql_logins table. Unfortunately I dont have a 2000 instance so cant check although it may be the same table....

I believe its only members of the sysadmins group which can see the contents of the password_hash column but I will have to check to make sure its correct.
0
 
LVL 3

Author Comment

by:pma111
Comment Utility
That would be most useful, thanks.
0
 
LVL 16

Accepted Solution

by:
EvilPostIt earned 500 total points
Comment Utility
In this article i found the line...
CONTROL SERVER permission is required to examine the password_hash column of sys.sql_logins.

So looks like the control CONTROL SERVER permission is required.

http://social.technet.microsoft.com/wiki/contents/articles/7937.password-audit-for-sql-server-logins-find-blank-or-common-passwords-for-sql-logins.aspx
0
 
LVL 16

Expert Comment

by:EvilPostIt
Comment Utility
As a side note, probably a good idea for you to read the article i posted last as it looks along the lines of what you want to do...
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 16

Expert Comment

by:EvilPostIt
Comment Utility
Is this answer sufficient or do require further clarification?
0
 
LVL 3

Author Comment

by:pma111
Comment Utility
The only other thing was whether sys_logins may be "invisible" to a non sys admin, they claim the view isnt even there! Which I thought could be permissions related?
0
 
LVL 16

Expert Comment

by:EvilPostIt
Comment Utility
A user who doesnt have the correct level of permissions see's the sql_logins table but the password_hash column is blank.

They will only see rows for the sa account and themselves. No other SQL logins will be visible.
0
 
LVL 16

Expert Comment

by:EvilPostIt
Comment Utility
Is this clarification sufficient?
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
SQL Server Log File Space 6 33
Sql server lock cursor 13 39
SQL Query Syntax Error 9 29
SQL server 2008 SP4 29 31
JSON is being used more and more, besides XML, and you surely wanted to parse the data out into SQL instead of doing it in some Javascript. The below function in SQL Server can do the job for you, returning a quick table with the parsed data.
Slowly Changing Dimension Transformation component in data task flow is very useful for us to manage and control how data changes in SSIS.
Using examples as well as descriptions, and references to Books Online, show the documentation available for datatypes, explain the available data types and show how data can be passed into and out of variables.
Viewers will learn how to use the SELECT statement in SQL and will be exposed to the many uses the SELECT statement has.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now