Sybase SQL sa Account Blank Password

High - Nessus Plugin ID 17162

Synopsis

The remote database service has an account with a blank password.

Description

The remote Sybase SQL server has the default 'sa' account enabled without any password.

An attacker may use this flaw to execute commands against the remote host as well as read database content.

Solution

Either disable this account or set a password for it.

Plugin Details

Severity: High

ID: 17162

File Name: sybase_blank_password.nasl

Version: 1.11

Type: remote

Family: Databases

Published: 2/21/2005

Updated: 5/5/2023

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score from an analysis done by Tenable

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: manual

Vulnerability Information

CPE: cpe:/a:sybase:adaptive_server_enterprise, cpe:/a:sybase:adaptive_server

Excluded KB Items: global_settings/supplied_logins_only