SQL Server Predictable Admin Account Name

  • Query id: 663062e9-473d-4e87-99bc-6f3684b3df40
  • Query name: SQL Server Predictable Admin Account Name
  • Platform: Ansible
  • Severity: Low
  • Category: Best Practices
  • CWE: 522
  • URL: Github

Description

Azure SQL Server's Admin account login must avoid using names like 'Admin', that are too predictable, which means the attribute 'admin_username' must be set to a name that is not easy to predict
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
#this is a problematic code where the query should report a result(s)
- name: Create (or update) SQL Server1
  azure_rm_sqlserver:
    resource_group: myResourceGroup
    name: server_name1
    location: westus
    admin_username: ""
    admin_password: Testpasswordxyz12!
- name: Create (or update) SQL Server2
  azure_rm_sqlserver:
    resource_group: myResourceGroup
    name: server_name2
    location: westus
    admin_username:
    admin_password: Testpasswordxyz12!
- name: Create (or update) SQL Server3
  azure_rm_sqlserver:
    resource_group: myResourceGroup
    name: server_name3
    location: westus
    admin_username: admin
    admin_password: Testpasswordxyz12!

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
#this code is a correct code for which the query should not find any result
- name: Create (or update) SQL Server
  azure_rm_sqlserver:
    resource_group: myResourceGroup
    name: server_name
    location: westus
    admin_username: mylogin
    admin_password: Testpasswordxyz12!