- Threat ID
- Threat Date
- Threat Name: CHECK_POLICY option
- CVE Reference
- CCE Reference
- Database Type: Microsoft SQL Server
- Microsoft SQL Server 2005, 2008, 2008R2 and 2012
- SQL Server 2005 and later can enforce the same password complexity policy used in Windows on the passwords of SQL logins. All SQL logins should have this property enabled.
- SQL Server can apply the same complexity and expiration policies used in Windows Server 2003 (and later) to passwords used inside SQL Server. This ensures that:
  - The password does not contain all or part of the account name of the user.
  - The password is at least eight characters long.
  - The password contains characters from three of the following four categories:
    - Latin uppercase letters (A through Z)
    - Latin lowercase letters (a through z)
    - Base 10 digits (0 through 9)
    - Non-alphanumeric characters such as: exclamation point (!), dollar sign ($), number sign (#), or percent (%).
All SQL logins should have this option selected to increase security.
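
One way to audit and remediate this setting, as an added T-SQL example that is not part of the original entry or of any vendor fix script. It uses the `sys.sql_logins` catalog view and `ALTER LOGIN`; the login name `app_reporting` is a hypothetical placeholder.

```sql
-- 1. Audit: SQL-authenticated logins that do not enforce the Windows
--    password policy (is_policy_checked = 0).
SELECT  name,
        is_disabled,
        is_policy_checked,
        is_expiration_checked,
        LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set
FROM    sys.sql_logins
WHERE   is_policy_checked = 0
ORDER BY name;

-- 2. Generate one remediation statement per non-compliant login so the
--    list can be reviewed before anything is changed.
--    QUOTENAME guards against login names containing ] or spaces.
SELECT  N'ALTER LOGIN ' + QUOTENAME(name)
      + N' WITH CHECK_POLICY = ON;' AS remediation_statement
FROM    sys.sql_logins
WHERE   is_policy_checked = 0
  AND   name NOT LIKE N'##%##';   -- skip internal ##...## system logins

-- 3. Apply to a single login (hypothetical name, replace with a real one).
ALTER LOGIN [app_reporting] WITH CHECK_POLICY = ON;

-- 4. Verify: this should return 0 once every SQL login is compliant.
SELECT  COUNT(*) AS logins_without_policy
FROM    sys.sql_logins
WHERE   is_policy_checked = 0
  AND   name NOT LIKE N'##%##';
```

Turning `CHECK_POLICY` on does not re-validate the password a login already has; the complexity rules are applied the next time the password is set, so plan a password change for each login that is remediated.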
Additional information including fix script information is available in the licensed versions of Application Security's DbProtect and AppDetectivePro solutions.