The information being displayed is as follows: "The SQL Server has a blank password for the 'sa' account.\nCVE : CAN-2000-1209\nBID : 1281, 4797\n"
Thats it. This is not what's in the script (ID=10673). It used to display : "The remote MS SQL server(s) have the default 'sa' (System Administrator) account enabled with a blank password. Solution : Disable this account, or assign it password. " Its a small difference, but when you're upgrading a system to a new version, everyone questions the differences. Thanks M ---------------------------------------------------------------------------------------------------------------------------------------- What information does it display? And what did it display before you upgraded? From what I see, it should report: The SQL Server has a blank password for the 'sa' account. in the event it finds a vulnerability. Note that this differs from the description for some reason, although I'm not sure why, and has been that way since February 2002 based on a patch from Michael Scheidell. George -------------------------------------------------------------------------------------------------------------------------------------- _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
