Contained database authentication should be disabled
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | sql |
| Provider | |
| Vulnerability Type | omission |
Description
Contained database authentication is enabled, allowing users with ALTER permissions to grant access to the database without administrator oversight. This bypasses centralized access controls and can lead to unauthorized access management.
Impact
If exploited, users could create or modify accounts and grant unauthorized access to the database, potentially exposing sensitive data and undermining audit and compliance controls.
Resolution
Disable contained database authentication
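
One way to audit and then apply this resolution, as an added example that is not part of the original rule page. It assumes a SQL Server instance where the caller has ALTER SETTINGS permission and can run `sp_configure` directly; where the option is managed through a platform setting instead, only the audit queries apply.

```sql
-- Added example (T-SQL). Assumption: run by a login with ALTER SETTINGS
-- permission on a SQL Server instance that allows sp_configure.

-- 1. Instance-level setting: value_in_use = 1 means the option is enabled.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = N'contained database authentication';

-- 2. Databases that depend on the option (containment 1 = PARTIAL).
SELECT name, containment_desc
FROM sys.databases
WHERE containment <> 0;

-- 3. Run inside each database returned by step 2: users that authenticate
--    at the database itself (authentication_type 2 = DATABASE) and are
--    therefore not backed by a server-level login.
SELECT name, type_desc, authentication_type_desc, create_date, modify_date
FROM sys.database_principals
WHERE authentication_type = 2
ORDER BY create_date DESC;

-- 4. Disable the option. WITH OVERRIDE is needed when contained databases
--    still exist on the instance; users found in step 3 can no longer
--    authenticate afterwards, so move them to server logins first.
EXEC sp_configure N'contained database authentication', 0;
RECONFIGURE WITH OVERRIDE;

-- 5. Confirm the change took effect (value_in_use should now be 0).
SELECT name, value_in_use
FROM sys.configurations
WHERE name = N'contained database authentication';
```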