SQLServerCentral / Article Discussions / Article Discussions by Author / Discuss content posted by Thao Truong / Find weak login passwords in your server / Latest Posts

RE: Find weak login passwords in your server

rokuba — Sun, 07 Nov 2010 02:33:46 GMT

[url=http://translate.google.com/translate?hl=pl&sl=pl&tl=en&u=http%3A%2F%2Frkubalski.blogspot.com%2F2010%2F10%2Fpwdcompare.html]see here[/url]

RE: Find weak login passwords in your server

c07550285 — Wed, 19 May 2010 06:19:00 GMT

it works, thanks.

RE: Find weak login passwords in your server

Kuido Külm — Tue, 18 May 2010 23:28:22 GMT

Add COLLATE DATABASE_DEFAULT to table variable definitionDECLARE @WeakPwdList TABLE(WeakPwd NVARCHAR(255) COLLATE DATABASE_DEFAULT )

RE: Find weak login passwords in your server

c07550285 — Tue, 18 May 2010 09:03:24 GMT

Hi, i get this error, any help?.[Microsoft][ODBC SQL Server Driver][SQL Server]Cannot resolve the collation conflict between "Modern_Spanish_CI_AS" and "SQL_Latin1_General_CP1_CI_AS" in the replace operation.(42000,468)thanks

RE: Find weak login passwords in your server

bennie.roodt — Fri, 14 May 2010 02:10:11 GMT

Hi,Here is a script that will work for SQL2000 too.DECLARE @WeakPwdList TABLE(WeakPwd NVARCHAR(255))--Define weak password list--Use @@Name if users password contain their nameINSERT INTO @WeakPwdList(WeakPwd)SELECT ''UNION SELECT '123'UNION SELECT '1234'UNION SELECT '12345'UNION SELECT 'abc'UNION SELECT 'default'UNION SELECT 'guest'UNION SELECT '123456'UNION SELECT '@@Name123'UNION SELECT '@@Name'UNION SELECT '@@Name@@Name'UNION SELECT 'admin'UNION SELECT 'Administrator'UNION SELECT 'admin123'-- SELECT * FROM @WeakPwdListSELECT syslogins.name AS [LoginName], CASE WHEN PWDCOMPARE(REPLACE(t2.WeakPwd,'@@Name',REVERSE(syslogins.name)),password) = 0 THEN REPLACE(t2.WeakPwd,'@@Name',syslogins.name) ELSE REPLACE(t2.WeakPwd,'@@Name',REVERSE(syslogins.name))END AS [Password],syslogins.dbname as Default_Database,(SELECT suser_sname(sid) FROM sysdatabases WHERE sysdatabases.name = syslogins.dbname) AS database_ownerFROM syslogins INNER JOIN @WeakPwdList t2 ON (PWDCOMPARE(t2.WeakPwd, password) = 1 OR PWDCOMPARE(REPLACE(t2.WeakPwd,'@@Name',syslogins.name),password) = 1OR PWDCOMPARE(REPLACE(t2.WeakPwd,'@@Name',REVERSE(syslogins.name)),password) = 1 )--WHERE syslogins.is_disabled=0ORDER BY syslogins.name

RE: Find weak login passwords in your server

Lee Linares — Tue, 05 Jan 2010 11:18:07 GMT

I found that if I included 'password', 'PASSWORD', and 'Password' in the @WeakPwdList table variable the script would not return all users with those passwords. The fix was to use UNION ALL instead of UNION. Thanks for the code. This is very useful.

RE: Find weak login passwords in your server

parmstrong1107 — Tue, 05 Jan 2010 08:50:47 GMT

Have you considered simply enforcing password policy?

RE: Find weak login passwords in your server

Kuido Külm — Tue, 05 Jan 2010 01:45:05 GMT

Can also add password REVERSE option and add login default database owner to select clauseSELECT sql_logins.name AS [LoginName], CASE WHEN PWDCOMPARE(REPLACE(t2.WeakPwd,'@@Name',REVERSE(sql_logins.name)),password_hash) = 0 THEN REPLACE(t2.WeakPwd,'@@Name',sql_logins.name) ELSE REPLACE(t2.WeakPwd,'@@Name',REVERSE(sql_logins.name))END AS [Password],sql_logins.default_database_name,sql_logins.is_policy_checked,sql_logins.is_expiration_checked,sql_logins.is_disabled,(SELECT suser_sname(owner_sid) FROM sys.databases WHERE databases.name = sql_logins.default_database_name) AS database_ownerFROM sys.sql_logins INNER JOIN @WeakPwdList t2 ON (PWDCOMPARE(t2.WeakPwd, password_hash) = 1 OR PWDCOMPARE(REPLACE(t2.WeakPwd,'@@Name',sql_logins.name),password_hash) = 1 OR PWDCOMPARE(REPLACE(t2.WeakPwd,'@@Name',REVERSE(sql_logins.name)),password_hash) = 1 )--WHERE sql_logins.is_disabled=0ORDER BY sql_logins.name

Find weak login passwords in your server

dachimoto — Wed, 16 Dec 2009 12:38:10 GMT

Comments posted to this topic are about the item [B]Find weak login passwords in your server[/B]