3.1.2 Restrict use of set proxy

Information

Sybase ASE supports proxy authorization, allowing Security Officers the ability to grant
selected logins the ability to assume the security context of another user via the set proxy
grant.

Rationale:

The set proxy grant potentially allows a user to impersonate any other login unless
restricted via the restrict role parameter.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

1. When using the set proxy command, always use the restrict role parameter.

See Also

https://workbench.cisecurity.org/files/1612