Attackers may make repeated attempts to guess database user passwords using brute force techniques. A successful attempt could result in unauthorized access, compromising database security and sensitive information.
Brute Force Attempts on Database Authentication
CCC.RDMS.TH02
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.RDMS.CP07 | DB Self Managed Credentials | Ability to manage database credentials through client-managed usernames and passwords. |
Related Controls
| ID | Title | Description |
|---|---|---|
| CCC.RDMS.CN02 | Account Lockout and Rate-Limiting | Ensure the database enforces lockouts or rate-limiting after a specified number of failed authentication attempts. This prevents brute force or password-guessing attacks from succeeding. |
External Mappings
| Framework | ID | Remarks |
|---|---|---|
| MITRE-ATT&CK | T1110 | |