Skip to content

MSSQL Credentials

Service Name: Microsoft SQL Server

Service Description: Microsoft SQL Server is a relational database management system developed by Microsoft. It is a software product with the primary function of storing and retrieving data as requested by other software applications.

Service Address: https://www.microsoft.com/en-us/sql-server/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the SQL Server level using firewall rules or network security groups if hosted in Azure.

Secret Access Scope: Grants access to SQL Server databases with permissions defined by the user's role assignments.

Secret Revokement URL: https://learn.microsoft.com/en-us/sql/relational-databases/security/authentication-access/drop-login

Secret Example: Server=myServerAddress;Database=myDataBase;User Id=myUsername;Password=myPassword;

Suspicious Activity Investigation Instructions:

  • Review SQL Server audit logs for unusual login attempts or query patterns
  • Check for unexpected database schema changes or data modifications
  • Monitor for unusual query volume or resource utilization
  • Examine login times and source IP addresses for anomalies
  • Review permissions changes or role assignments

Mitigation Instructions:

  • Change the password for the compromised SQL Server login immediately
  • Revoke any unnecessary permissions from the affected account
  • Consider implementing SQL Server Always Encrypted for sensitive data
  • Enable SQL Server auditing to track future access and changes
  • Implement more restrictive firewall rules to limit access by IP address
  • Review and update your password policy to require stronger credentials
  • Consider implementing multi-factor authentication if available
  • Rotate credentials regularly as part of security best practices