PT-2009-4786 · Microsoft+1 · Windows+2

Tim Brown

Published

2009-07-07

Updated

2018-10-10

CVE-2009-2357

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions TekRADIUS version 3.0

Description The default configuration of TekRADIUS uses the sa account to communicate with Microsoft SQL Server, making it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system.

Recommendations For TekRADIUS version 3.0, consider changing the default configuration to use a less privileged account for communication with Microsoft SQL Server to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-16

Related Identifiers

CVE-2009-2357

Affected Products

Sql Server

Tekradius

Windows

PT-2009-4786 · Microsoft+1 · Windows+2

CVE-2009-2357

Weakness Enumeration

Related Identifiers

Affected Products

References · 4