Security-issue: guest-guest impersonation
Read OriginalThe article details a security flaw in SQL Server (versions 2005-2008 R2) where enabling the guest account in multiple databases can lead to guest-guest impersonation. This allows a user (e.g., a developer) in one database to impersonate the local guest, connect to another database with guest enabled, and gain unauthorized permissions, bypassing explicit denials. The issue was reported to Microsoft, with a fix expected only in a future major release (codename 'Denali').
Comments
No comments yet
Be the first to share your thoughts!
Browser Extension
Get instant access to AllDevBlogs from your browser
Top of the Week
No top articles yet