Database Security Threat in Default Passwords Still Exist

Friday May 28th 2010 by DatabaseJournal.com Staff

There are over 1000 default database password combinations that could prove to be a database security threat.

One of a database’s biggest security threats may be something that seems small and insignificant. And it’s not new. Very often when a database is deployed, an add-on is installed, or application using the database is installed, a default account and password is created. If not cleaned up by database administrators, these default passwords build up and are that many security breaches just waiting to happen.

Scott Laliberte, managing director for Protiviti, a security consultancy, has led endless numbers of security audits and says "We'll go in and do an assessment where the OS is hardened [or] the ERP has had a segregation of duties review done. All of these different security settings within the actual application are great, but [they are] all sitting on a default database install," and adding, "I've actually done several reviews like that, where there were default passwords on database accounts, the database had not been hardened, and it was a complete mess."

Mobile Site | Full Site