Suggestion: condense "weak password finding"

Open 7MinSec opened this issue 11 months ago • 0 comments

Hello!

On a recent pentest I did an invoke-sqlaudit with a cred I found on a file share and that server had ~50 accounts on it, 30 of which had default/weak creds. The PowerUpSQL report then has 30 entries talking about the weak login password vulnerability. It would kind of be nice if the vulnerability was listed once and then said something at the end like "Here are a list of the affected credentials:

Username: test, password: test
Username: dbguy, password: dbguy
etc.

Jan 26 '25 16:01 7MinSec