Microsoft SQL Server Downgrade Attack

Posted on So, 2011-12-25 in security • Tagged with mssql, mitm, downgrade, metasploit

I took a look at the authentication mechanisms of the native network protocols of some of the more prominent dbms vendors. One of my targets was Microsofts SQL Server 2008 R2. MSSQL provides two methods for authentication: Integrated and Native Authentication. Integrated uses Windows OS user credentials to log into …

Continue reading