UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The designer will ensure the application does not connect to a database using administrative credentials or other privileged database accounts.


Overview

Finding ID Version Rule ID IA Controls Severity
V-16790 APP3190 SV-17790r1_rule ECLP-1 Medium
Description
If the application uses administrative credentials or other privileged database accounts to access the database, an attacker that has already compromised the application though another vulnerability can drop, add, and modify the data in the database or the database structure.
STIG Date
Application Security and Development STIG 2014-04-03

Details

Check Text ( C-17777r1_chk )
If the application does not use a database, this check is not applicable.

Ask the application representative how the application authenticates to the database.

1) If the application authenticates to the database by using a database account that has database administrator access, it is a finding.
Fix Text (F-17007r1_fix)
Modify the application and the database account used for the application so administrative credentials are not required to access the database.