TF 0511 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Contained database authentication should be disabled
Property | Value |
---|---|
Language | |
Severity | |
Service | sql |
Provider | |
Vulnerability Type | omission |
Description
Contained database authentication is enabled, allowing users with ALTER permissions to grant access to the database without administrator oversight. This bypasses centralized access controls and lets access be managed without authorization.
Impact
If exploited, users could create or modify accounts and grant unauthorized access to the database, potentially exposing sensitive data and undermining audit and compliance controls.
Resolution
Disable contained database authentication.
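
One way to audit for this setting and then turn it off, as an added example that is not part of the original entry. It assumes a Microsoft SQL Server instance with direct T-SQL access; `ExampleDb` is a placeholder database name.

```sql
-- Added example. Assumes Microsoft SQL Server; [ExampleDb] is a placeholder.

-- 1. Instance-level setting: value_in_use = 1 means contained database
--    authentication is enabled on this instance.
SELECT name,
       CAST(value_in_use AS int) AS value_in_use
FROM sys.configurations
WHERE name = N'contained database authentication';

-- 2. Databases that currently use containment (0 = NONE, 1 = PARTIAL).
SELECT name, containment_desc
FROM sys.databases
WHERE containment <> 0;

-- 3. Run inside each database returned by step 2: users that authenticate
--    at the database itself (authentication_type 2 = DATABASE) and therefore
--    sit outside server-level login management. Review create_date and
--    modify_date against change records.
SELECT name,
       type_desc,
       authentication_type_desc,
       create_date,
       modify_date
FROM sys.database_principals
WHERE authentication_type = 2;

-- 4. After the users from step 3 have been migrated to server logins or
--    removed, return the database to the non-contained model.
ALTER DATABASE [ExampleDb] SET CONTAINMENT = NONE;

-- 5. Disable contained database authentication for the instance.
EXEC sp_configure N'contained database authentication', 0;
RECONFIGURE;
```

Steps 1 to 3 are read-only and can be run as a recurring check; steps 4 and 5 change configuration and belong in a reviewed change.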