Detections
Analytics
SQL4-00-017100 - The SQL Server default account [sa] must be disabled.
Information
SQL Server's [sa] account has special privileges required to administer the database. The [sa] account is a well-known SQL Server account and is likely to be targeted by attackers and thus more prone to providing unauthorized access to the database.This [sa] default account is administrative and could lead to catastrophic consequences, including the complete loss of control over SQL Server.
If the [sa] default account is not disabled, an attacker might be able to gain access through the account. SQL Server by default, at installation, disables the [sa] account.
Some applications that run on SQL Server require the [sa] account to be enabled in order for the application to function properly. These applications that require the [sa] account to be enabled are usually legacy systems.
Solution
Modify the enabled flag of SQL Server's [sa] (system administrator) account by running the following script. If the account name has been changed per SQL4-00-010200, replace the letters 'sa' in the query with the new name.USE master;
GO
ALTER LOGIN [sa] DISABLE;
GO
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_SQL_Server_2014_Y24M07_STIG.zip
Item Details
Audit Name: DISA STIG SQL Server 2014 Instance DB Audit v2r4
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-7a., CAT|II, CCI|CCI-000381, Rule-ID|SV-213848r960963_rule, STIG-ID|SQL4-00-017100, STIG-Legacy|SV-82343, STIG-Legacy|V-67853, Vuln-ID|V-213848
Plugin: MS_SQLDB
Control ID: f561bded58c8ece7d9895993521c4b7d581b5347b1c19d717d0cf1827a0e7db5