Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-16790 | APP3190 | SV-17790r1_rule | ECLP-1 | Medium |
Description |
---|
If the application uses administrative credentials or other privileged database accounts to access the database, an attacker that has already compromised the application though another vulnerability can drop, add, and modify the data in the database or the database structure. |
STIG | Date |
---|---|
Application Security and Development Checklist | 2014-12-22 |
Check Text ( C-17777r1_chk ) |
---|
If the application does not use a database, this check is not applicable. Ask the application representative how the application authenticates to the database. 1) If the application authenticates to the database by using a database account that has database administrator access, it is a finding. |
Fix Text (F-17007r1_fix) |
---|
Modify the application and the database account used for the application so administrative credentials are not required to access the database. |