1. Forum
  2. Usenet
  3. COMP.DATABASES.MS-SQLSERV

  • Determine what password is used during a login attempt

    From Anton Shepelev@21:1/5 to All on Wed Mar 5 14:28:48 2025
    Hello, all

    For some reason beyond our understanding, an installation of
    SAP Business One on one of our servers has lost the ability
    to connect to the MSSQL database under an internal,
    automatically crated user B1_SBOCOMMON. The Profiler
    intercepts the attempt:

    Logon Error: 18456, Severity: 14, State: 8.
    Logon Login failed for user 'B1_SBOCOMMON'.
    Reason: Password did not match that for the login provided.
    [CLIENT: 192.168.0.193]

    Is it possible determine the password it tries to use, if we
    have full admin access to that database (and the entire
    server) under the 'sa' user?

    --
    () ascii ribbon campaign -- against html e-mail
    /\ www.asciiribbon.org -- against proprietary attachments

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Erland Sommarskog@21:1/5 to Anton Shepelev on Wed Mar 5 19:55:43 2025
    Anton Shepelev (anton.txt@g{oogle}mail.com) writes:
    Hello, all


    Yeah "all", it's soooo crowded here. :-)

    For some reason beyond our understanding, an installation of
    SAP Business One on one of our servers has lost the ability
    to connect to the MSSQL database under an internal,
    automatically crated user B1_SBOCOMMON. The Profiler
    intercepts the attempt:

    Logon Error: 18456, Severity: 14, State: 8.
    Logon Login failed for user 'B1_SBOCOMMON'.
    Reason: Password did not match that for the login provided.
    [CLIENT: 192.168.0.193]

    Is it possible determine the password it tries to use, if we
    have full admin access to that database (and the entire
    server) under the 'sa' user?

    No. It's an encrypted hash. If it was reversible that would be a major
    security issue.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Anton Shepelev@21:1/5 to All on Thu Mar 6 13:35:18 2025
    Erland Sommarskog to Anton Shepelev:

    Hello, all

    Yeah "all", it's soooo crowded here. :-)

    According to the statistics, it is quite crowded -- 100% of
    questions in this newsgroup receive a meaningful answer from
    an MSSQL expert. How many forums can boast of that?

    You could mention this group in the SQL section of your
    website, or in your contacts, to remind the readers that
    Usenet lives on.

    Is it possible determine the password it tries to use,
    if we have full admin access to that database (and the
    entire server) under the 'sa' user?

    No. It's an encrypted hash. If it was reversible that
    would be a major security issue.

    So, only password hashes are sent from client to server?
    Makes sense.

    I had a withering weak hope, however, that a complete
    administrator access to the server would let me do something
    about it. We all wish security were weaker when dealing
    with the aftermath of bugs or poor work discipline, and wish
    it were stronger every time our system was hacked and
    encrypted by ransomware.

    --
    () ascii ribbon campaign -- against html e-mail
    /\ www.asciiribbon.org -- against proprietary attachments

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)