I've got a SQL server that I'm reviewing that uses mixed mode authentication. I have an entry in the syslogins table that lists a user with a NULL password, this user is an NTUser that does have ...

SQL Server 2005 introduced a means to enforce password and lockout policies for SQL Server login accounts when using SQL Server Authentication. SQL Server 2008 continues to do so.

If you are using mixed authentication mode (“SQL Server & Windows Authentication Mode”) you are vulnerable. SQL Server 2000, 2005, and 2008, running on all supported Windows platforms.

So, as I see it, my only alternative is to setup SQL server in mixed authentication mode, create a login for that user and then hard-code the username and password into the connection string.