Microsoft SQL Server weak password encryption vulnerability

Description

If 'Always prompt for login name and password' is not set, and Windows Integrated Security is not being used, Enterprise Manager for SQL Server 7 will save the login ID and password in the registry key HKCU\SOFTWARE\Microsoft\MSSQLServer\SQLEW\Registered Server X. The algorithm used to encrypt the password consists of XORing each character with a two byte value dependant on the character's position in the string.
If 'Always prompt for login name and password' is set, or Windows Integrated Security is used, the ID and password are not saved at all.
Microsoft SQL Server 6.5 stores the password in the same location but in plain text.

Remediation

Microsoft suggests using Windows Integrated Security. In this mode, SQL user access is tied to Windows user accounts, and no separate IDs are created. In addition, selecting the option 'Always prompt for login name and password' will prevent passwords from being written to the registry.

References