Are passwordless logins like ##MS_SQLResourceSigningCertificate## , ##MS_AgentSigningCertificate## a vulnerability?
-
01-11-2019 - |
Question
I'm new to MS SQL Server.
Colleagues working in IT security, have run an scan showing come DB users with null password.
Some of them are ( # included )
##MS_SQLResourceSigningCertificate##
##MS_SQLReplicationSigningCertificate##
##MS_SQLAuthenticatorCertificate##
##MS_PolicySigningCertificate##
##MS_SmoExtendedSigningCertificate##
##MS_AgentSigningCertificate##
I suspect they are not a security threat but, since they don't use Windows Authentication either, I don't know how to support that assumption.
What are these logins for ?
No correct solution
Licensed under: CC-BY-SA with attribution
Not affiliated with dba.stackexchange