Database is publicly accessible
Severity | Exploitability | Providers | Categories |
---|---|---|---|
HIGH | HIGH | Azure | NETWORK |
Description
Even protected with authentication database should not be exposed publicly. Connection attempt could be done and in worst case data may leak.
In general, database should be protected behind firewall and wide range of ip should be avoided.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | True | False | False |
Third parties may try to authenticate which could lead to potential compromised data.
Remediation guidelines
Don't use wide range of ip when exposing services. Ensure that database instances are protected by a firewall.