Scott Laliberte, managing director for Protiviti, a security consultancy, has led endless numbers of security audits. He says, "We'll go in and do an assessment where the OS is hardened [or] the ERP has had a segregation of duties review done. All of these different security settings within the actual application are great, but [they are] all sitting on a default database install," adding, "I've actually done several reviews like that, where there were default passwords on database accounts, the database had not been hardened, and it was a complete mess."
There are over 1000 default database password combinations that could prove to be a database security threat.
One of a database's biggest security threats may be something that seems small and insignificant, and it's not new. Very often when a database is deployed, an add-on is installed, or an application using the database is installed, a default account and password are created. If database administrators do not clean them up, these default passwords build up, and each one is a security breach just waiting to happen.