Status: Draft

Excessive Privilege Abuse

Alternative Forms

  • Excessive Privilege-Based Abuse

...

(Aravindharamanan et al., 2019, p. 176)

Abuse of Excessive Privileges

In most database installations, the Least Privilege Principle is not adhered to. There are many reasons why more privileges than necessary were granted to a person or an application login. For example, the development staff might not know any better; or they do know better but think they do not have the time to implement this correctly. There are also occasions in which implementation of the least privilege principle is anything but trivial. Think about an application that needs to be able to create and alter SQL Agent Jobs. Even an extensive internet search might leave you with the false impression that adding the application account to the sysadmin fixed server role is your only option to make that particular requirement work.

Granting excessive permissions is problematic for two reasons. About 80% of the attacks on company data are actually executed by employees or ex-employees. Granting too many privileges or not revoking those privileges in time makes it unnecessarily simple for them to execute their wrongdoing. Some of these actions might even be executed inadvertently or without the perception of those actions being illegal. For example, medical records of prominent people are exposed by employees all the time. (That is just one of the reasons why you should encrypt HIPAA-related data.)

The second reason is connected to another vulnerability: SQL Injection. If an adversary gains access to your data using SQL injection, you are already in trouble. If they then can do additional harm, because of excessive privileges being granted to the application account, the damage might be substantially bigger.

(Sqlity.net, 2014)
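
The SQL Agent case mentioned in the passage above can be handled without sysadmin membership. The following T-SQL is an added example, not taken from the cited sources: it audits sysadmin membership, then moves an application login to the msdb `SQLAgentUserRole` database role, whose members can create and alter only the jobs they own. The login name `app_jobs_login` is a hypothetical placeholder.

```sql
-- Added example; [app_jobs_login] is a hypothetical application login.

-- 1. Audit: list every login that is a member of the sysadmin fixed server role.
SELECT m.name        AS login_name,
       m.type_desc   AS login_type,
       m.is_disabled AS is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;

-- 2. Remove the application login from sysadmin (SQL Server 2012 and later syntax).
ALTER SERVER ROLE sysadmin DROP MEMBER [app_jobs_login];

-- 3. Give it a user in msdb and the narrowest SQL Agent role.
--    SQLAgentUserRole members can create, alter and run only jobs they own.
USE msdb;

IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'app_jobs_login')
    CREATE USER [app_jobs_login] FOR LOGIN [app_jobs_login];

ALTER ROLE SQLAgentUserRole ADD MEMBER [app_jobs_login];

-- 4. Verify: the login should no longer be sysadmin (expect 0) ...
SELECT IS_SRVROLEMEMBER(N'sysadmin', N'app_jobs_login') AS is_sysadmin;

-- ... and should hold only the intended msdb role.
SELECT r.name AS msdb_role
FROM sys.database_role_members AS drm
JOIN sys.database_principals   AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals   AS u ON u.principal_id = drm.member_principal_id
WHERE u.name = N'app_jobs_login';
```

With the login reduced to this role, a SQL injection flaw in the application exposes only that login's own jobs rather than the whole instance.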

Bibliography

...