Database User Has Admin Privileges - Vulnerability Database

Database User Has Admin Privileges

Description

The database user account used by the application has administrative privileges on the database server. This security misconfiguration was confirmed by querying the privileges of the application's own connection through an identified SQL injection vulnerability. Running an application with an administrative database account violates the principle of least privilege and turns any SQL injection in that application into a compromise of the whole server: instead of being limited to the application's tables, an attacker can read or modify every database on the instance, create accounts, and on some platforms read files or run operating-system commands (for example xp_cmdshell on SQL Server, or LOAD_FILE and INTO OUTFILE on MySQL when the FILE privilege is held).

Remediation

Immediately reduce the database user's privileges to the minimum required for application functionality:

  1. Create a dedicated database user with restricted permissions: Create a new database account used only by this application, holding only the privileges its queries need (typically SELECT, INSERT, UPDATE, DELETE on the application's own tables). Schema migrations and other DDL should run under a separate, more privileged account, never under the runtime user.
  2. Remove administrative privileges: Revoke all administrative and server-level permissions from the application's database user. In SQL Server this means sysadmin membership and CONTROL SERVER; in MySQL/MariaDB the root account, ALL PRIVILEGES ON *.*, SUPER and FILE; in PostgreSQL the SUPERUSER attribute. Membership in db_owner (SQL Server) or ownership of the application's tables (PostgreSQL) gives full control of that database and should be removed as well. Because this administrative credential was in use by an application with a confirmed SQL injection, rotate it and review the server for accounts or objects that may have been created through it.
  3. Grant permissions at the narrowest scope that works: Prefer table-level grants. A database- or schema-scoped grant, as in the examples below, is acceptable for an application that uses every table in its own database, but never grant at the server level. For example:

    MySQL/MariaDB ('localhost' limits the account to connections from the database host; use the application server's address instead if it connects remotely. FLUSH PRIVILEGES is not needed: GRANT takes effect immediately):
    CREATE USER 'app_user'@'localhost' IDENTIFIED BY 'strong_password';
    GRANT SELECT, INSERT, UPDATE, DELETE ON app_database.* TO 'app_user'@'localhost';
    PostgreSQL (ON ALL TABLES covers only tables that already exist; the ALTER DEFAULT PRIVILEGES line, run as the role that creates the tables, covers tables created later. USAGE on sequences is required for INSERT into serial/identity columns):
    CREATE USER app_user WITH PASSWORD 'strong_password';
    GRANT CONNECT ON DATABASE app_database TO app_user;
    GRANT USAGE ON SCHEMA public TO app_user;
    GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO app_user;
    GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO app_user;
    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_user;
    SQL Server (the login is server-level; the user must be created inside the application database):
    CREATE LOGIN app_user WITH PASSWORD = 'strong_password';
    USE app_database;
    CREATE USER app_user FOR LOGIN app_user;
    GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::dbo TO app_user;
  4. Update application configuration: Point the application's connection string at the new restricted account and remove the old administrative credential from configuration files, secret stores and deployment scripts.
  5. Test thoroughly: Exercise every code path, including administrative features, reporting and scheduled jobs, against the reduced privileges in a staging environment before deploying to production. A missing grant surfaces as a permission-denied error from the database driver, which is far cheaper to find in staging than in production.
  6. Implement regular audits: Periodically query the server's own privilege catalog (SHOW GRANTS in MySQL/MariaDB, pg_roles and information_schema.role_table_grants in PostgreSQL, IS_SRVROLEMEMBER and fn_my_permissions in SQL Server) to confirm that the application account still holds only the grants it was given, and that no server-level permission or role membership has crept back in through later changes.
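The following is an added worked example for steps 2, 5 and 6 above; it is not part of the Invicti page. It shows, for each of the three platforms, how to check what the application account currently holds (the queries an audit would run, before and after the change), how to strip the administrative privileges while keeping the data-manipulation grants, and the PostgreSQL ownership and default-privilege details that the plain GRANT statements do not cover. Run each section on its own DBMS. The names app_user, app_database and 'localhost' are carried over from the remediation steps; migrator, the separate role assumed to own the tables and run migrations, is an assumption of this example.

```sql
-- Added example (not from the original page). Run each section on its own DBMS.
-- Assumed names: app_user, app_database, 'localhost' (from the steps above)
-- and migrator, a hypothetical separate role that owns tables and runs DDL.

-- ===== MySQL / MariaDB =====
-- Audit: anything ON *.*, ALL PRIVILEGES, SUPER, FILE or GRANT OPTION is a finding.
SHOW GRANTS FOR 'app_user'@'localhost';
SELECT grantee, privilege_type
FROM information_schema.user_privileges
WHERE grantee = "'app_user'@'localhost'";   -- grantee is stored with its quotes
-- Fix: drop everything (leaves only USAGE), then re-grant database-scoped DML.
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'app_user'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON app_database.* TO 'app_user'@'localhost';
-- Re-run SHOW GRANTS: the only lines left should be USAGE ON *.* and the
-- app_database.* grant.

-- ===== PostgreSQL =====
-- Audit: role attributes first (rolsuper = t is the finding), then table grants.
SELECT rolname, rolsuper, rolcreaterole, rolcreatedb, rolbypassrls
FROM pg_roles
WHERE rolname = 'app_user';
SELECT table_schema, table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee = 'app_user';
-- Owners bypass table grants, so also list objects the account owns.
SELECT n.nspname, c.relname
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE c.relowner = (SELECT oid FROM pg_roles WHERE rolname = 'app_user');
-- Fix: remove the attributes, move ownership to the migration role,
-- then grant only DML plus sequence usage.
ALTER ROLE app_user NOSUPERUSER NOCREATEDB NOCREATEROLE NOBYPASSRLS;
REASSIGN OWNED BY app_user TO migrator;
REVOKE ALL ON ALL TABLES IN SCHEMA public FROM app_user;
GRANT USAGE ON SCHEMA public TO app_user;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO app_user;
GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO app_user;
-- Tables that migrator creates in future get the same DML grants automatically,
-- so a new migration does not silently break the application.
ALTER DEFAULT PRIVILEGES FOR ROLE migrator IN SCHEMA public
  GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_user;
ALTER DEFAULT PRIVILEGES FOR ROLE migrator IN SCHEMA public
  GRANT USAGE ON SEQUENCES TO app_user;

-- ===== SQL Server =====
-- Audit, server level: sysadmin membership and explicit server permissions
-- (CONTROL SERVER would show up in the fn_my_permissions result).
SELECT IS_SRVROLEMEMBER('sysadmin', 'app_user') AS is_sysadmin;
EXECUTE AS LOGIN = 'app_user';
SELECT permission_name FROM fn_my_permissions(NULL, 'SERVER');
REVERT;
-- Fix, server level: server-scoped permissions must be changed from master.
USE master;
ALTER SERVER ROLE sysadmin DROP MEMBER app_user;
REVOKE CONTROL SERVER FROM app_user;
-- Audit and fix, database level: db_owner membership gives full control of
-- the database even with no server permissions at all.
USE app_database;
SELECT IS_ROLEMEMBER('db_owner', 'app_user') AS is_db_owner;
ALTER ROLE db_owner DROP MEMBER app_user;
GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::dbo TO app_user;
-- Re-run the two IS_*MEMBER checks: both should now return 0.
```

The audit queries are the ones worth scheduling for step 6; the fix statements are one-off. Note that on PostgreSQL the ALTER DEFAULT PRIVILEGES statements only apply to objects created by migrator, so they must be repeated for any other role that creates tables in the schema.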

Related Vulnerabilities