Scenario No. 1
You’re the sys admin of a company and you have rights on all your SQL boxes. You also have an auditing solution in place to ensure that nobody, including yourself, does anything they’re not supposed to. And for some reason you get a wild hair to be nefarious. However, you have a pesky auditing solution keeping you honest.
Then you read Sentrigo’s story. You figure out how to read SQL’s memory, then obtain the username and password of the guy you’re mad at. You start doing your bidding in the database under his name. Now he’s under the microscope because his login is responsible for all of the malicious things transpiring. He’s likely to get fired, though he didn’t do anything. This could go on forever before anyone figures it out. Though you’re a sys admin with wide-ranging rights, this is the very reason you shouldn’t be able to access someone else’s password.
Gaining permission to decrypt sensitive data is another part of this scenario. You could have a third-party encryption app in place that keeps the database administrators from seeing the data. Remember, it’s not so much about gaining more access as it is about impersonating someone else -- which you should never be allowed to do. Also, maybe you’re sys admin on certain boxes only, but this would allow you to gain that same level of rights on other boxes.
Scenario No. 2
This one is even worse because it’s far more likely and more dangerous to cause an unintended privilege violation.
Let’s say you’re a developer, and like many devs, you have sys admin on your dev box. You ask the database administrator to look at something on your box because you are having trouble with a query, or would like him to take a backup -- or some other ruse of your creation. Once the database administrator logs on, you’re able to retrieve his password. Now, you not only have sys admin privileges on all the SQL boxes, you have his login, so no one can trace it back to you. If nothing else, you could steal information and nobody would know anything about it. A security audit afterward wouldn’t show anything at all because everyone has the correct rights.
But it gets worse. You don’t have to pose as the database administrator or coax him into coming onto your box to steal his credentials. There are plenty of other credentials you can steal. Let’s say you have a product like Ecora that takes full inventory of your SQL boxes. It’s likely taking inventory of your dev box too, so you can steal that account. What about monitoring packages like SCOM, Spotlight, or OpenView? Or how about any scripts that might be running across your LAN to do one thing or another? There are so many moving parts in a big organization, it’s impossible to track them all.