The SQL Server Admin account has a predictable username, 'Admin' or 'Root'

ID

azure_sql_server_predictable_admin

Severity

low

Vendor

Azure

Resource

IAM

Tags

reachable

Description

The SQL Server Admin account has a predictable username, 'Admin' or 'Root'. This makes a potential attacker's work easier, because the account name no longer has to be guessed.

Learn more about this topic at Azure SQL Server Admin username.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create SQL Server with Azure Active Directory admin
      azure_rm_sqlserver:
        resource_group: myResourceGroup
        name: server_name
        location: westus
        admin_username: Admin  # predictable name flagged by this rule
        admin_password: Testpasswordxyz12!
        administrators:
          principal_type: Group
          login: MySqlAdminGroup
          sid: "{{ MySqlAdminGroup.object_id }}"
          tenant_id: "{{ my_tenant_id }}"
          azure_ad_only_authentication: false

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create SQL Server with Azure Active Directory admin
      azure_rm_sqlserver:
        resource_group: myResourceGroup
        name: server_name
        location: westus
        admin_username: Unpredictable_user  # not a predictable name such as Admin or Root
        admin_password: Testpasswordxyz12!
        administrators:
          principal_type: Group
          login: MySqlAdminGroup
          sid: "{{ MySqlAdminGroup.object_id }}"
          tenant_id: "{{ my_tenant_id }}"
          azure_ad_only_authentication: false
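
A static check for the pattern shown in the two playbooks above, as an added example that is not part of the original rule page or of any scanner's own code. It assumes the names are compared case-insensitively and that the module may also appear under its collection name azure.azcollection.azure_rm_sqlserver; the function name and the sample playbook are constructed for illustration.

```python
import re

# The two names this rule treats as predictable. Comparing them
# case-insensitively is an assumption of this example.
PREDICTABLE = {"admin", "root"}
MODULES = {"azure_rm_sqlserver", "azure.azcollection.azure_rm_sqlserver"}
KEY_RE = re.compile(r"^(\s*(?:-\s+)?)([\w.]+)\s*:\s*(.*?)\s*$")

# Constructed sample playbook (not from the page).
SAMPLE = """\
- hosts: localhost
  tasks:
    - name: flagged
      azure_rm_sqlserver:
        name: srv-a
        admin_username: Admin
    - name: flagged, quoted and lower case
      azure.azcollection.azure_rm_sqlserver:
        admin_username: "root"  # legacy
    - name: not flagged
      azure_rm_sqlserver:
        admin_username: sqlops_7f3k
    - name: different module, out of scope
      ansible.builtin.set_fact:
        admin_username: Admin
"""


def find_predictable_admins(playbook_text):
    """Return (line_no, username) for each flagged admin_username."""
    findings = []
    module_indent = None  # indent of the SQL server module key we are inside
    for line_no, raw in enumerate(playbook_text.splitlines(), start=1):
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        m = KEY_RE.match(line)
        if not m:
            continue  # blank line, comment, or not a "key: value" line
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        if module_indent is not None and indent <= module_indent:
            module_indent = None  # left the module's argument block
        if key in MODULES and value == "":
            module_indent = indent
        elif module_indent is not None and key == "admin_username":
            name = value.strip("'\"")
            # Templated values cannot be resolved statically; skip them.
            if "{{" not in name and name.lower() in PREDICTABLE:
                findings.append((line_no, name))
    return findings
```

Usernames supplied through Jinja variables are skipped here, so the variable files that feed them need the same check.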