Foster City, California – (The Hosting News) – December 2, 2005 – Data security company, Imperva has
discovered vulnerability in Microsoft SQL Server 2000 that
enables a user to mask their login name from the standard
Microsoft audit tools.
Working through their Imperva Application Defense Center (ADC), the company logged the vulnerability and corrective action in the Microsoft Knowledge Base Article entitled “BUG: Login
names that contain leading zero characters are not visible when
you use SQL Profiler to audit connections to SQL Server 2000”.
Imperva SecureSphere Database Security Gateway automatically
protects Microsoft SQL Server against this vulnerability. These
protection capabilities are outlined in the Imperva Security
Advisory entitled “Microsoft SQL Server Audit Bug”.
The Microsoft Knowledge Base Article is located at:
The Imperva Security Advisory is available at:
The Microsoft Knowledge Base Article was released on Nov. 30,
ADC conducts ongoing research into database security issues, and
discovered this vulnerability during an in-depth analysis of
log-in mechanisms and protocols. ADC’s research findings are used
to enhance the SecureSphere product line with next generation
attack detection and protection features.
To learn more about Imperva, please visit: www.imperva.com.