Application Defense Center Submits Audit Evasion Vulnerability to Microsoft

WHO:

Imperva Application Defense Center (ADC)

WHAT:

ADC discovered a vulnerability in Microsoft SQL Server 2000 that enables a user to mask their login name from the standard Microsoft audit tools. The vulnerability and corrective action are detailed in the Microsoft Knowledge Base article entitled “BUG: Login names that contain leading zero characters are not visible when you use SQL Profiler to audit connections to SQL Server 2000”. The Imperva SecureSphere Database Security Gateway automatically protects Microsoft SQL Server against this vulnerability. These protection capabilities are outlined in the Imperva Security Advisory entitled “Microsoft SQL Server Audit Bug”.

WHERE:

WHEN:

The Microsoft Knowledge Base Article was released on Nov. 30, 2005.

HOW:

ADC conducts ongoing research into database security issues, and discovered this vulnerability during an in-depth analysis of login mechanisms and protocols. ADC’s research findings are used to enhance the SecureSphere product line with next-generation attack detection and protection features.

About the Imperva Application Defense Center

Imperva’s Application Defense Center (ADC) is a research and professional services organization dedicated to building the most advanced application security knowledge base in the world. ADC research combines extensive lab work with hands-on practice in real-world environments.

About Imperva

Imperva is the leader in application data security and compliance. Leading enterprise and government organizations worldwide rely on Imperva to prevent data theft and abuse, and ensure data integrity. The company’s SecureSphere products provide data governance and protection solutions that monitor, audit and secure business applications and databases. For more information, visit www.imperva.com.

# # #

Imperva and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.

Editorial Contact

Marc Gendron
(781) 237-0341
marc@mqpr.net