DerScanner
Home / Vulnerability Database / T-SQL : Default account
T-SQL

T-SQL : Default account

Classification

OWASP Top 10 2013
A5-Security Misconfiguration
OWASP Top 10 2017
A2-Broken AuthenticationA6-Security Misconfiguration
OWASP Top 10 2021
A7-Identification and Authentication FailuresA5-Security Misconfiguration
OWASP ASVS
Authentication
PCI DSS 4.0
2.2.2
HIPAA
§164.312 (a)(1)§164.312 (a)(2)(i)
CWE
CWE-1031

Overview

The application uses a string whose value corresponds to username or password of a default account. Default accounts with high privileges present one of the highest risks to the database.

Some of the predefined account: SYSTEM_USER, SA.

References

  1. Securing Your Database Server
  2. CREATE LOGIN - msdn.microsoft.com
  3. OWASP Top 10 2017 A2-Broken Authentication
  4. OWASP Top 10 2017-A6-Security Misconfiguration
  5. CWE CATEGORY: OWASP Top Ten 2017 Category A5 - Broken Access Control
MEDIUM

DerScanner Severity Score

Do you want to fix T-SQL : Default account in your application?

See also

T-SQL

T-SQL : Weak encryption algorithm

T-SQL

T-SQL : Weak hashing algorithm

T-SQL

T-SQL : Weak random number generator