
Publicly accessible databases are exposed to remote attacks

  • GG_ID: GG_IAC_0004
  • Severity: HIGH
  • Complexity: HIGH
  • Categories: NETWORK
  • Providers: AWS
  • Potential data exposure: True
  • Visible in logs: False
  • User interaction required: False
  • Privileges required: False

Description

Publicly accessible AWS RDS instances are reachable from the whole internet, and are therefore subject to a range of remote attacks.

Impact

Having public access means anyone can try to connect to the database.

  • If credentials are required to establish a connection, it still leaves open the possibility of brute-forcing the credentials or mounting denial-of-service attacks.

  • If no credentials are required, or credentials have been acquired by an attacker, then the asset is fully compromised.

Remediation guidelines

Integrate the database into a Virtual Private Cloud (VPC), and configure the VPC according to the principle of least privilege.
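As an added example (not part of the original policy page or GitGuardian's own scanner), the check below applies this policy to a constructed CloudFormation template: it reports each AWS::RDS::DBInstance whose PubliclyAccessible property is true, left unset, or that is declared without a DBSubnetGroupName placing it in a VPC. The resource names and property values are constructed for the example.

```python
"""Flag AWS RDS instances that a CloudFormation template leaves publicly reachable."""
import json

# Constructed sample template (not from the original page): one exposed instance,
# one hardened instance in a VPC subnet group, and one that omits the property.
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "PublicDb": {
            "Type": "AWS::RDS::DBInstance",
            "Properties": {"Engine": "postgres", "PubliclyAccessible": True},
        },
        "PrivateDb": {
            "Type": "AWS::RDS::DBInstance",
            "Properties": {
                "Engine": "postgres",
                "PubliclyAccessible": False,
                "DBSubnetGroupName": {"Ref": "AppDbSubnetGroup"},
                "VPCSecurityGroups": [{"Ref": "AppDbSecurityGroup"}],
            },
        },
        "LegacyDb": {
            "Type": "AWS::RDS::DBInstance",
            "Properties": {"Engine": "mysql"},  # property omitted: exposure depends on defaults
        },
    }
})


def _is_true(value):
    # CloudFormation accepts the boolean true as well as the string "true".
    return str(value).lower() == "true"


def find_public_rds(template_json):
    """Return (logical_id, reason) pairs for every DBInstance that is, or may be, public."""
    template = json.loads(template_json)
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::RDS::DBInstance":
            continue
        props = res.get("Properties", {})
        if "PubliclyAccessible" not in props:
            findings.append((name, "PubliclyAccessible not set; require an explicit false"))
        elif _is_true(props["PubliclyAccessible"]):
            findings.append((name, "PubliclyAccessible is true"))
        elif "DBSubnetGroupName" not in props:
            findings.append((name, "no DBSubnetGroupName: instance is not pinned to a VPC subnet group"))
    return findings


if __name__ == "__main__":
    for logical_id, reason in find_public_rds(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {reason}")
```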

External documentation