Check: DM6180-SQLServer9
Database SQL Server 9:
DM6180-SQLServer9
(in version v8 r1.9)
Title
Database Master Key passwords should not be stored in credentials within the database. (Cat II impact)
Discussion
Storage of the database master key password in a database credential allows decryption of sensitive data by privileged users who may not have a need-to-know requirement to access the data.
Check Content
From the query prompt:

SELECT COUNT(credential_id) FROM [master].sys.master_key_passwords

If count is not 0, this is a Finding.
Fix Text
Use the stored procedure sp_control_dbmasterkey_password to remove any credentials that store database master key passwords. From the query prompt:

EXEC SP_CONTROL_DBMASTERKEY_PASSWORD @db_name = '[database name]', @action = N'drop'
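The check query returns only a count, while the fix needs a database name. The query below is an added example, not part of the STIG text: it assumes the standard catalog views sys.credentials and sys.database_recovery_status and joins them on family_guid to show which database each stored master key password belongs to.

```sql
-- Added example: list every credential that stores a database master key
-- password, with the database it was created for.
-- Zero rows corresponds to a count of 0 in the check above (not a Finding).
SELECT
    mkp.credential_id,
    c.name                   AS credential_name,
    c.create_date            AS credential_created,
    mkp.family_guid,
    drs.database_id,
    DB_NAME(drs.database_id) AS database_name
FROM [master].sys.master_key_passwords AS mkp
JOIN [master].sys.credentials AS c
    ON c.credential_id = mkp.credential_id
-- LEFT JOIN keeps rows whose database is no longer attached to the
-- instance; those appear with a NULL database_name and still count
-- toward the Finding.
LEFT JOIN [master].sys.database_recovery_status AS drs
    ON drs.family_guid = mkp.family_guid
ORDER BY database_name, mkp.credential_id;
```

Restored copies of a database share a family_guid, so one stored password can appear against more than one database_name.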
Additional Identifiers
Rule ID: SV-25497r1_rule
Vulnerability ID: V-15162
Group Title:
CCIs
CCIs tied to check.
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
No controls are assigned to this check |