SQL Server Predictable Active Directory Account Name
- Query id: 530e8291-2f22-4bab-b7ea-306f1bc2a308
- Query name: SQL Server Predictable Active Directory Account Name
- Platform: Ansible
- Severity: Medium
- Category: Best Practices
- URL: Github
Description
Azure SQL Server must not use a predictable Active Directory Administrator account name, such as 'Admin'. The 'ad_user' attribute must be set to a name that is not easy to predict.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
# This is problematic code where the query should report result(s)
- name: create ad sp
  azure_ad_serviceprincipal:
    app_id: "{{ app_id }}"
    state: present
    tenant: "{{ tenant_id }}"
    ad_user: admin
- name: create ad sp2
  azure_ad_serviceprincipal:
    app_id: "{{ app_id2 }}"
    state: present
    tenant: "{{ tenant_id2 }}"
    ad_user: ""
- name: create ad sp3
  azure_ad_serviceprincipal:
    app_id: "{{ app_id3 }}"
    state: present
    tenant: "{{ tenant_id3 }}"
    ad_user:
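
The check described above can be sketched as a stand-alone script for a pre-commit or CI step. This is an added example, not the KICS query and not code from the original page. The function names, the deny-list entries beyond 'admin', and the choice to skip Jinja2-templated values are assumptions; the tasks are written as the dictionaries a YAML parser would produce for the positive test, plus one constructed passing task.

```python
MODULE = "azure_ad_serviceprincipal"  # module name used in the page's sample
# Assumed deny-list: the page names only 'Admin'; the other entries are illustrative.
PREDICTABLE = {"admin", "administrator", "root", "sa", "sqladmin"}


def classify_ad_user(value):
    """Return a reason string when the value is weak, otherwise None."""
    if value is None:
        return "ad_user is null"
    text = str(value).strip()
    if not text:
        return "ad_user is empty"
    if "{{" in text:
        return None  # Jinja2 template: cannot be resolved statically, so not flagged
    if text.lower() in PREDICTABLE:  # case-insensitive, so 'Admin' matches too
        return f"ad_user '{text}' is predictable"
    return None


def find_predictable_ad_users(tasks):
    """Scan parsed playbook tasks and return (task name, reason) findings."""
    findings = []
    for task in tasks:
        params = task.get(MODULE)
        # Only tasks that use the module and actually declare ad_user are checked.
        if not isinstance(params, dict) or "ad_user" not in params:
            continue
        reason = classify_ad_user(params["ad_user"])
        if reason:
            findings.append((task.get("name", "<unnamed>"), reason))
    return findings


# Constructed input: the three tasks of the positive test, then a passing task
# whose ad_user value is a made-up, non-guessable name.
SAMPLE_TASKS = [
    {"name": "create ad sp", MODULE: {"app_id": "{{ app_id }}", "ad_user": "admin"}},
    {"name": "create ad sp2", MODULE: {"app_id": "{{ app_id2 }}", "ad_user": ""}},
    {"name": "create ad sp3", MODULE: {"app_id": "{{ app_id3 }}", "ad_user": None}},
    {"name": "create ad sp4", MODULE: {"app_id": "{{ app_id4 }}", "ad_user": "dba-7f3k-ops"}},
]

if __name__ == "__main__":
    for name, reason in find_predictable_ad_users(SAMPLE_TASKS):
        print(f"{name}: {reason}")
```
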