Credentials stored and used by the DBMS to access remote databases or applications should be authorized and restricted to authorized users.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15154 | DG0190-SQLServer9 | SV-24111r1_rule | DCFA-1 | Medium |
| Description |
|---|
| Credentials defined for access to remote databases or applications may provide unauthorized access to additional databases and applications to unauthorized or malicious users. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-04-03 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-14763r1_fix) |
|---|
| Grant access to linked servers to authorized accounts or applications only. Document all linked server access authorizations in the System Security Plan and authorize with the IAO. |