If default credentials are not disabled or changed, unauthorized access may be gained to the RDMS environment. This may lead to data breaches, data manipulation, or overall compromise of the database instance.
Database / Relational / Threats / DEV
Unauthorized Access via Default Credentials
CCC.RDMS.TH01
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.RDMS.CP06 | DB Managed Credentials | Ability to managed the database credentials using the cloud provider's secret management service. |
| CCC.RDMS.CP07 | DB Self Managed Credentials | Ability to manage the database credentials by client managed username and passwords. |
Related Controls
| ID | Title | Description |
|---|---|---|
| CCC.RDMS.CN01 | Password Management | Ensure default vendor-supplied DB administrator credentials are replaced with strong, unique passwords and that these credentials are properly managed using a secure password or secrets management solution. |
External Mappings
| Framework | ID | Remarks |
|---|---|---|
| MITRE-ATT&CK | T1078 |