Home Forums Article Discussions Article Discussions by Author Discuss content posted by Thao Truong Find weak login passwords in your server RE: Find weak login passwords in your server

  • January 5, 2010 at 1:45 am

    #1098791

    Can also add password REVERSE option and add login default database owner to select clause

    SELECT sql_logins.name AS [LoginName],

    CASE

    WHEN PWDCOMPARE(REPLACE(t2.WeakPwd,'@@Name',REVERSE(sql_logins.name)),password_hash) = 0 THEN REPLACE(t2.WeakPwd,'@@Name',sql_logins.name)

    ELSE REPLACE(t2.WeakPwd,'@@Name',REVERSE(sql_logins.name))

    END AS [Password]

    ,sql_logins.default_database_name,sql_logins.is_policy_checked,sql_logins.is_expiration_checked,sql_logins.is_disabled

    ,(SELECT suser_sname(owner_sid) FROM sys.databases WHERE databases.name = sql_logins.default_database_name) AS database_owner

    FROM sys.sql_loginsINNER JOIN @WeakPwdList t2 ON (PWDCOMPARE(t2.WeakPwd, password_hash) = 1

    OR PWDCOMPARE(REPLACE(t2.WeakPwd,'@@Name',sql_logins.name),password_hash) = 1

    OR PWDCOMPARE(REPLACE(t2.WeakPwd,'@@Name',REVERSE(sql_logins.name)),password_hash) = 1 )

    --WHERE sql_logins.is_disabled=0

    ORDER BY sql_logins.name