SQL Server transmits unencrypted passwords