Skip to content

Access Control: Default MSSQL Credentials

Identifier: mssql_default_credentials

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

MSSQL servers configured with default credentials are vulnerable to unauthorized access, potentially leading to data breaches and system compromise.

How we test: We attempt to authenticate to MSSQL servers using common default username and password combinations. If authentication succeeds, we report the vulnerability and verify if default credentials are still in use.

Configuration

Example

Example configuration:

---
security_tests:
  mssql_default_credentials:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.