DBMS default accounts should be assigned custom passwords.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15635 | DG0128-SQLServer9 | SV-24108r1_rule | IAIA-1 IAIA-2 | High |
| Description |
|---|
| DBMS default passwords provide a commonly known and exploited means for unauthorized access to database installations. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-04-03 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-14773r1_fix) |
|---|
| Assign a password to accounts that meet DoD complexity requirements. From the query prompt: USE master ALTER LOGIN [name] WITH PASSWORD = '[new password]' Replace [new password] with a password and [name] with the account name. Use the SQL Server Enterprise Manager GUI to change the assigned password of any SQL Server–related service. Each service must be changed individually. |