Microsoft SQL Server 2014 / 2016 / 2017 / 2019 / 2022 Audit Logging
Failure
Microsoft SQL Server 2014, 2016, 2017, 2019, and 2022 appears to ignore
audit rules for sys.sysxlgns allowing an attacker with administrative permissions to extract password hashes under the radar. Microsoft told the researcher they are not willing to fix it but acknowledge it as a security problem.
https://packetstormsecurity.com/files/171362/mssql-passwordhash.txt
Thu, 16 Mar 2023 14:48:20 GMT
________________________________
--- The information is for inforamtional purposes only.
* Origin: Read us with
http://winpoint.org JID:
rs@captflint.com