Home > In the News > Imperva Discovers and Helps Microsoft Address SQL Server Vulnerability

Press Release

Dec 2, 2005

Imperva Discovers and Helps Microsoft Address SQL Server Vulnerability

Press Release

Dec 2, 2005

Application Defense Center Submits Audit Evasion Vulnerability to Microsoft

WHO:

Imperva Application Defense Center (ADC)

WHAT:

Discovered vulnerability in Microsoft SQL Server 2000 that enables a user to mask their login name from the standard Microsoft audit tools. The vulnerability and corrective action are detailed in Microsoft Knowledge Base Article entitled “BUG: Login names that contain leading zero characters are not visible when you use SQL Profiler to audit connections to SQL Server 2000”. The Imperva SecureSphere Database Security Gateway automatically protects Microsoft SQL Server against this vulnerability. These protection capabilities are outlined in the Imperva Security Advisory entitled “Microsoft SQL Server Audit Bug”.

WHERE:

WHEN:

The Microsoft Knowledge Base Article was released on Nov. 30, 2005.

HOW:

ADC conducts ongoing research into database security issues, and discovered this vulnerability during an in-depth analysis of log-in mechanisms and protocols. ADC’s research findings are used to enhance the SecureSphere product line with next generation attack detection and protection features.

About the Imperva Application Defense Center

Imperva’s Application Defense Center (ADC) is a research and professional services organization dedicated to building the most advanced application security knowledge base in the world. ADC research combines extensive lab work with hands-on practice in real world environments.

About Imperva

Imperva is the leader in application data security and compliance. Leading enterprise and government organizations worldwide rely on Imperva to prevent data theft and abuse, and ensure data integrity. The company’s SecureSphere products provide data governance and protection solutions that monitor, audit and secure business applications and databases. For more information, visit www.imperva.com

# # #

Imperva and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.

Editorial Contact

Marc Gendron
(781) 237-0341
marc@mqpr.net

Press Contact

impervaPR@imperva.com

This is for media inquiries only. For product and sales, please call: +1.866.926.4678.

Contact PR

The importance of a resilient CDN for digital performance

Imperva named a security leader in the SecureIQlab CyberRisk Report

IDC Spotlight: Effective Multicloud Data Security

Global DDoS Threat Landscape Report

The State of Security within eCommerce 2022

Imperva reimagines partner program: Imperva Accelerate

Protect your Cloudera data with Imperva

Quálitas continues its quality services using Imperva Application Security

Discovery Inc. tackles data compliance in public cloud

New Vulnerability in Popular Widget Shows Risks of Third-Party Code

Cyber Threat Index

Browse the Imperva Learning Center for the latest cybersecurity topics

Imperva ESG Reports