# DB2 Credentials

## Description

### General

- Documentation: https://www.ibm.com/support/knowledgecenter/SSEPGG
- Summary: Db2 is a family of data management products, including database servers, developed by IBM. The credentials this detector catches are used to connect to DB2 instances. They can appear either in a single connection URI or spread across several parameters, and the port number can be attached to the hostname or defined separately.
- IPs allowlist: This feature is not available.
- Scopes: Ranges from administration privileges to simple user rights.

### Revoke the secret

The DB2 password can be changed on the control server (see here).

### Check for suspicious activity

Db2 provides several features for monitoring activity on the database which, when used properly, can serve to detect malicious activity (see here for more information).
## Db2 assignment

### Details

- Family: Database
- Category: Data storage
- Company: IBM
- High recall: False
- Validity check available: True
- On-premise instances exist: True
- Only valid secrets raise an alert: False
- Minimum number of matches: 4
- Occurrences found for one million commits: 2.27
- Prefixed: False

### PreValidators

```yaml
- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
    - db2
    - as400
```

### Examples

```yaml
- text: |
    db.url=jdbc:db2://google.com/dev
    db.port=50003
    db.user=root
    db.password=sup3rstr0ngpass
  host: google.com
  port: "50003"
  username: root
  password: sup3rstr0ngpass
```
## Db2 assignment attached port

### Details

- Family: Database
- Category: Data storage
- Company: IBM
- High recall: False
- Validity check available: True
- On-premise instances exist: True
- Only valid secrets raise an alert: False
- Minimum number of matches: 4
- Occurrences found for one million commits: 1.51
- Prefixed: False

### PreValidators

```yaml
- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
    - db2
    - as400
```

### Examples

```yaml
- text: |
    db.url=jdbc:db2://google.com:50003/dev
    db.user=root
    db.password=sup3rstr0ngpass
  host: google.com
  port: "50003"
  username: root
  password: sup3rstr0ngpass
```
## Db2 uri

### Details

- Family: Database
- Category: Data storage
- Company: IBM
- High recall: True
- Validity check available: True
- On-premise instances exist: True
- Only valid secrets raise an alert: False
- Minimum number of matches: 8
- Occurrences found for one million commits: 7.19
- Prefixed: True

### PreValidators

```yaml
- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - db2
    - as400
    - ibm_db_sa
```

### Examples

```yaml
- text: |
    CONNECTION_URI="db2://root:m42ploz2wd@google.com:5434/hellothere"
  host: google.com
  port: "5434"
  username: root
  password: m42ploz2wd
  scheme: db2
  database: hellothere
  connection_uri: db2://root:m42ploz2wd@google.com:5434/hellothere
- text: |
    uri="ibm_db_sa://user:str0ngp4ss@google.com:3000/hellothere"
  host: google.com
  port: "3000"
  username: user
  password: str0ngp4ss
  scheme: ibm_db_sa
  database: hellothere
  connection_uri: ibm_db_sa://user:str0ngp4ss@google.com:3000/hellothere
# Test special characters in password
- text: |
    uri="ibm_db_sa://user:str0ngp@ss!@google.com:3000/hellothere"
  host: google.com
  port: "3000"
  username: user
  password: str0ngp@ss!
  scheme: ibm_db_sa
  database: hellothere
  connection_uri: ibm_db_sa://user:str0ngp@ss!@google.com:3000/hellothere
# Test detection in md files
- text: |
    uri="ibm_db_sa://user:str0ngp@ss!@google.com:3000/hellothere"
  host: google.com
  port: "3000"
  username: user
  password: str0ngp@ss!
  scheme: ibm_db_sa
  database: hellothere
  connection_uri: ibm_db_sa://user:str0ngp@ss!@google.com:3000/hellothere
```
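The Description says the credentials can sit in one URI or in several parameters, with the port attached to the host or given separately, and the Examples of the three detectors above show what each shape should yield. The following parser is an added example, not GitGuardian's detector code: it recovers the same fields (host, port, username, password, scheme, database, connection_uri) from both the `db2://` and `ibm_db_sa://` URI forms and from `db.url`/`db.user`/`db.password` style assignments, including the special-characters case where the password itself contains `@`. The key aliases and the sample inputs are constructed for the example; the sample hosts and values mirror the page's own test cases.

```python
"""Parse Db2 connection secrets in the two shapes the detectors above target.

Added example, not GitGuardian's detector code. It recovers the same fields
the page's examples list (host, port, username, password, scheme, database,
connection_uri) from:
  * a single connection URI (db2:// or ibm_db_sa://), including a password
    that itself contains '@' or '!';
  * key/value assignments (db.url=..., db.user=..., db.password=...) where
    the port is attached to the host in a jdbc URL or given separately.
"""
import re
from typing import Optional
from urllib.parse import unquote

# One pattern for both URI flavours. userinfo is optional (jdbc URLs usually
# carry no credentials) and greedy, so a password containing '@' is split at
# the LAST '@' before the host. A '/' inside a password must be %2F-encoded,
# as RFC 3986 requires; unquote() restores it below.
URI_RE = re.compile(
    r"(?P<scheme>db2|ibm_db_sa)://"
    r"(?:(?P<userinfo>[^/\s\"']+)@)?"
    r"(?P<host>[^:/\s\"']+)"
    r"(?::(?P<port>\d+))?"
    r"(?:/(?P<database>[^\s\"'?;]+))?"
)

# key=value / key: "value" on one line (Java properties, YAML, .env files).
KV_RE = re.compile(r"^\s*(?P<key>[\w.\-]+)\s*[=:]\s*[\"']?(?P<value>[^\"'\s]+)")

# The last segment of a dotted/underscored key (db.user, CONNECTION_URI)
# decides which field the value belongs to. Constructed alias table.
FIELD_ALIASES = {
    "url": "url", "uri": "url",
    "host": "host", "hostname": "host", "server": "host",
    "port": "port",
    "user": "username", "username": "username", "uid": "username",
    "password": "password", "passwd": "password", "pwd": "password",
    "database": "database", "dbname": "database",
}

# Constructed samples mirroring the page's test cases (not real credentials).
SAMPLES = {
    "assignment": (
        "db.url=jdbc:db2://google.com/dev\n"
        "db.port=50003\n"
        "db.user=root\n"
        "db.password=sup3rstr0ngpass\n"
    ),
    "attached_port": (
        "db.url=jdbc:db2://google.com:50003/dev\n"
        "db.user=root\n"
        "db.password=sup3rstr0ngpass\n"
    ),
    "uri": 'CONNECTION_URI="db2://root:m42ploz2wd@google.com:5434/hellothere"\n',
    "uri_special_chars": 'uri="ibm_db_sa://user:str0ngp@ss!@google.com:3000/hellothere"\n',
    "host_only": "db.url=jdbc:db2://google.com:50003/dev\n",
}


def parse_uri(line: str) -> dict:
    """Fields from the first db2:// or ibm_db_sa:// URI in a line, if any."""
    m = URI_RE.search(line)
    if not m:
        return {}
    fields = {"scheme": m.group("scheme"), "host": m.group("host")}
    if m.group("port"):
        fields["port"] = m.group("port")
    if m.group("database"):
        fields["database"] = m.group("database")
    if m.group("userinfo"):
        user, _, pwd = m.group("userinfo").partition(":")
        fields["username"] = unquote(user)
        if pwd:
            fields["password"] = unquote(pwd)
        fields["connection_uri"] = m.group(0)
    return fields


def extract_db2_credentials(text: str) -> Optional[dict]:
    """Collect Db2 connection fields from a blob of configuration text.

    Explicit keys (db.port=...) take precedence over values embedded in a
    URL. Returns None unless host, username and password were all found,
    so a lone jdbc URL without credentials does not count as a secret.
    """
    from_uri: dict = {}
    explicit: dict = {}
    for line in text.splitlines():
        kv = KV_RE.match(line)
        if kv:
            key_tail = re.split(r"[._\-]", kv.group("key").lower())[-1]
            field = FIELD_ALIASES.get(key_tail)
            if field and field != "url":
                explicit[field] = kv.group("value")
                continue
        # url/uri keys, bare URIs and URIs inside prose all land here.
        from_uri.update(parse_uri(line))
    found = {**from_uri, **explicit}
    if not {"host", "username", "password"} <= set(found):
        return None
    return found


if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, "->", extract_db2_credentials(sample))
```

The `host_only` sample shows why a detector of this kind needs a minimum set of matched fields: a jdbc URL by itself names a server but carries no secret, so the function returns `None` for it rather than raising a finding on a hostname.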