MSSQL Password Auditor helps security auditors & database administrators to perform password audit and password recovery of SQL server passwords using hash algorithm. It is also a password analyzing tool which uses dictionary attacks, brute force attacks and hybrid attacks to audit weaknesses in the database password policy which will also help in preventing username password hacking & cracking.
This assists to enforce stringent policies by identifying weak and default passwords in the MSSQL database. Weak passwords have been cited by experts from SANS, industry, government, and academia as one of the most critical security threats to computer networks
MSSQL Password Auditor is a password strength analyzer that proactively identifies the strength of a password against an intrusion attempt. It also checks for defaults password that are not changed on MSSQL database servers because all default passwords are security threat for the confidentiality, integrity and availability of data. It also provides options like dictionary attacks, brute force attacks and hybrid attacks to audit the weaknesses in enforced password security policy. MSSQL Password Auditor also has the ability to present all cracked passwords in the form of a vulnerability report so that it complies with a defined controls and organizational security policy.
Password recovery and Password audit becomes extremely easy with MSSQL Password Auditor because It automatically retrieves password hashes from sysxlogins table from Microsoft SQL Server 7 and Microsoft SQL Server 2000 and it also retrieves password hashes from sys.sql_logins table from Microsoft SQL Server 2005 and Microsoft SQL Server 2008 and it allows auditors, database administrators, and security administrators to either password recovery or test the strength of the sql password according to an organization policy through comprehensive auditing.
MSSQL Password Auditor is compatible with Microsoft SQL Server 7 / Microsoft SQL Server 2000 / Microsoft SQL Server 2005 / Microsoft SQL Server 2008. It also facilitates in achieving strengthened governance and Regulatory Compliance standards like Sarbanes-Oxley Act (SOX) (USA) , Health Insurance Portability and Accountability Act (HIPAA) (USA) , Gramm-Leach-Bliley Act (GLBA) (USA) Federal Information Security Management Act (FISMA) (USA) , Data Protection (EU, UK, Canadian) J-SOX (Japan), LSF (France), Payment Card Industry Data Security Standard (PCI/DSS), security frameworks such as ISO 27001, and COBIT or NIST.
Following are some examples of weak SQL server passwords:
Default database passwords such as those used in most software applications (SAP, symbol, weblogic etc)
Popular MSSQL passwords (qwerty, 123456, password, letmein, abc123, monkey etc.).
Repeated combinations of symbols (aabbcc, 123123, aaaa, 7777777 etc.).
Inversion of common words (drowssap, nimda etc.).
SQL Passwords coinciding with user name or its variations.
Short database passwords having up to 7 symbols, which can be found with brute force attack.
MSSQL Passwords derived from common words or word combinations that can quickly be discovered with a dictionary attack.
SQL server Passwords based on personal data.
Database Passwords based on user characteristics.
SQL Passwords based on modified version of older passwords.
The best way to discover weak passwords is through password audits on a regular basis.
Key Features and Benefits:
Determines how secure are your corporate database server.
Tests the strength of database passwords which protects user accounts.
Account Password Recovery.
Helps in achieving Regulatory Compliance.
Performs brute force and hybrid attacks.
Overall the MSSQL password auditor is a comprehensive password analyzing tool which carries out password audit and quick password recovery for SQL passwords which use hash algorithm. It uses dictionary attacks, brute force attacks and hybrid attacks to audit weaknesses in the database password policy which will also help in preventing username password hacking & cracking.
