Null Characters Can Mask Login Names in Microsoft SQL Profiler
Security Alert, December 5, 2005
SQL Profiler, included with Microsoft SQL Server, is commonly used
to audit connections to the server. However, login names prefixed with
null characters aren't visible to the profiling tool in SQL Server
2000. Microsoft said that the problem is fixed in SQL Server 2005.
The Microsoft article "BUG: Login names that contain leading zero
characters are not visible when you use SQL Profiler to audit
connections to SQL Server 2000" (at the URL below) explains that the
problem also exists when using certain stored procedures to monitor
connections. The article also offers workaround information.