Scenario No. 2

This one is even worse, because it is far more likely to happen and far more dangerous: it produces an unintended privilege violation that no one set out to grant.
Let’s say you’re a developer, and like many devs, you have sys admin on your dev box. You ask the database administrator to look at something on your box because you are having trouble with a query, would like him to take a backup - or some other ruse of your creation.
Once the database administrator logs on, you're able to retrieve his password. Now you not only have sys admin privileges on all the SQL boxes, you have his log-in, so nothing can be traced back to you. If nothing else, you could steal information and nobody would know anything about it. A security audit afterward wouldn't show anything at all, because everyone has the correct rights.
But it gets worse. You don’t have to pose as the database administrator or coax him into coming onto your box to steal his credentials. There are plenty of other credentials you can steal. Let’s say you have a product like Ecora that takes full inventory of your SQL boxes. It’s likely taking inventory of your dev box too, so you can steal that account.
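The audit problem in both halves of this scenario is that every account involved holds exactly the rights it is supposed to hold; what is wrong is where the credentials were used. The detection a defender wants is therefore not "who has sys admin" but "which privileged accounts logged on, in a credential-caching way, to a host of a lower trust tier, and was that account then used from that host". The following is an added example, not code from the original article: a small Python rule set run over constructed, simplified Windows 4624-style logon records. The field names, the `server`/`workstation` tier labels, the host and account names, and the privileged-account list are all assumptions made for the illustration.

```python
"""Flag privileged-account logons to lower-trust hosts (added example).

The records below are constructed, simplified Windows Security 4624-style
logon events; the tier labels and account names are assumptions.
"""
from dataclasses import dataclass

# Logon types that leave reusable credential material in memory on the
# target host: Interactive (2), Batch (4), Service (5), Unlock (7),
# RemoteInteractive/RDP (10). A Network logon (3) does not cache the
# caller's credentials on the target, so it does not expose them there.
CREDENTIAL_CACHING_LOGON_TYPES = {2, 4, 5, 7, 10}


@dataclass(frozen=True)
class LogonEvent:
    time: str
    target_host: str   # host the logon landed on
    target_tier: str   # assumed asset-inventory label: "server" or "workstation"
    account: str
    logon_type: int
    source_host: str   # 4624 "Workstation Name"; "-" for a local logon


# Constructed sample events (not real logs). The DBA and the inventory
# service account are the privileged accounts from the scenario.
SAMPLE_EVENTS = [
    LogonEvent("09:00:10", "SQLPROD01", "server",      "CORP\\dba_jsmith",    10, "ADMIN-JUMP01"),
    LogonEvent("09:05:42", "DEVBOX-17", "workstation", "CORP\\dev_alice",      2, "-"),
    LogonEvent("09:12:03", "DEVBOX-17", "workstation", "CORP\\dba_jsmith",    10, "ADMIN-JUMP01"),
    LogonEvent("09:30:15", "DEVBOX-17", "workstation", "CORP\\svc_inventory",  3, "INVENTORY01"),
    LogonEvent("09:31:20", "DEVBOX-17", "workstation", "CORP\\svc_inventory",  5, "-"),
    LogonEvent("10:02:48", "SQLPROD02", "server",      "CORP\\dba_jsmith",     3, "DEVBOX-17"),
]

PRIVILEGED_ACCOUNTS = {"CORP\\dba_jsmith", "CORP\\svc_inventory"}


def host_tiers(events):
    """Build host -> tier from the events themselves (an inventory would do this)."""
    return {e.target_host: e.target_tier for e in events}


def exposed_privileged_logons(events, privileged):
    """Rule 1: a privileged account used a credential-caching logon type on a
    host that is not in the server tier. That host now holds the credential."""
    return [
        e for e in events
        if e.account in privileged
        and e.logon_type in CREDENTIAL_CACHING_LOGON_TYPES
        and e.target_tier != "server"
    ]


def privileged_use_from_low_tier(events, privileged):
    """Rule 2: a privileged account reached a server *from* a workstation-tier
    host. Rights are correct, so an entitlement audit would not show this."""
    tiers = host_tiers(events)
    return [
        e for e in events
        if e.account in privileged
        and e.target_tier == "server"
        and tiers.get(e.source_host) == "workstation"
    ]


def correlate(events, privileged):
    """Pair each Rule 2 hit with the earlier Rule 1 exposure on the same host
    and account, which is the credential-theft chain the scenario describes."""
    exposed = exposed_privileged_logons(events, privileged)
    chains = []
    for use in privileged_use_from_low_tier(events, privileged):
        prior = [x for x in exposed
                 if x.account == use.account
                 and x.target_host == use.source_host
                 and x.time < use.time]
        chains.append((use, prior[0] if prior else None))
    return chains


if __name__ == "__main__":
    for e in exposed_privileged_logons(SAMPLE_EVENTS, PRIVILEGED_ACCOUNTS):
        print(f"EXPOSED  {e.time} {e.account} type {e.logon_type} on {e.target_host}")
    for use, prior in correlate(SAMPLE_EVENTS, PRIVILEGED_ACCOUNTS):
        where = f"after exposure at {prior.time}" if prior else "no prior exposure seen"
        print(f"CHAIN    {use.time} {use.account} {use.source_host} -> {use.target_host} ({where})")
```

Rule 1 fires twice on the sample: the DBA's RDP session to the dev box (the first half of the scenario) and the inventory service account running as a Windows service on the dev box (the second half; its earlier type-3 network logon is deliberately not flagged, because a network logon leaves nothing reusable on the target). Rule 2 then catches the DBA account reaching a SQL server from that dev box, and `correlate` ties it to the 09:12 exposure. The mitigation the rules imply is the same one they detect against: privileged accounts log on interactively only to hosts of their own tier, and inventory or agent accounts that must touch workstations use network logons rather than running as local services with domain-wide rights.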