
DB2 Credentials

Description#

General#

  • Documentation: https://www.ibm.com/support/knowledgecenter/SSEPGG
  • Summary: Db2 is a family of data management products, including database servers, developed by IBM. The credentials this detector catches are used to connect to Db2 instances. They can appear either in a single connection URI or as several separate parameters (host, port, user, password); the port can be attached to the hostname or defined on its own.
  • IPs allowlist: This feature is not available.
  • Scopes: range from administrative privileges to plain user rights, depending on the authorities granted to the account.

Revoke the secret#

Db2 does not store passwords itself: authentication is delegated to the operating system of the database server or to a configured security plugin (for example LDAP), so the leaked password has to be changed there (see here). After changing it, review the authorities granted to the account, since a leaked credential may have been used to alter them.

Check for suspicious activity#

Db2 provides several features for monitoring database activity. On Db2 for Linux, UNIX and Windows the audit facility (db2audit) records, among other things, authentication attempts, authorization checks and statement execution; when it is configured, its records can be used to spot connections and queries made with a leaked credential (see here for more information).

Details for Db2 assignment#

  • Family: Database

  • Category: Data storage

  • Company: IBM

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 4

  • Occurrences found for one million commits: 2.27

  • Prefixed: False

  • PreValidators:

```yaml
- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
    - db2
    - as400
```

Examples#

```yaml
- text: |
    db.url=jdbc:db2://google.com/dev
    db.port=50003
    db.user=root
    db.password=sup3rstr0ngpass
  host: google.com
  port: "50003"
  username: root
  password: sup3rstr0ngpass
```

Details for Db2 assignment attached port#

  • Family: Database

  • Category: Data storage

  • Company: IBM

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 4

  • Occurrences found for one million commits: 1.51

  • Prefixed: False

  • PreValidators:

```yaml
- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
    - db2
    - as400
```

Examples#

```yaml
- text: |
    db.url=jdbc:db2://google.com:50003/dev
    db.user=root
    db.password=sup3rstr0ngpass
  host: google.com
  port: "50003"
  username: root
  password: sup3rstr0ngpass
```

Details for Db2 uri#

  • Family: Database

  • Category: Data storage

  • Company: IBM

  • High recall: True

  • Validity check available: True

  • On-premise instances exist: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 8

  • Occurrences found for one million commits: 7.19

  • Prefixed: True

  • PreValidators:

```yaml
- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - db2
    - as400
    - ibm_db_sa
```

Examples#

```yaml
- text: |
    CONNECTION_URI="db2://root:m42ploz2wd@google.com:5434/hellothere"
  host: google.com
  port: "5434"
  username: root
  password: m42ploz2wd
  scheme: db2
  database: hellothere
  connection_uri: db2://root:m42ploz2wd@google.com:5434/hellothere
- text: |
    uri="ibm_db_sa://user:str0ngp4ss@google.com:3000/hellothere"
  host: google.com
  port: "3000"
  username: user
  password: str0ngp4ss
  scheme: ibm_db_sa
  database: hellothere
  connection_uri: ibm_db_sa://user:str0ngp4ss@google.com:3000/hellothere
# Test special characters in password
- text: |
    uri="ibm_db_sa://user:str0ngp@ss!@google.com:3000/hellothere"
  host: google.com
  port: "3000"
  username: user
  password: str0ngp@ss!
  scheme: ibm_db_sa
  database: hellothere
  connection_uri: ibm_db_sa://user:str0ngp@ss!@google.com:3000/hellothere
# Test detection in md files
- text: |
    uri="ibm_db_sa://user:str0ngp@ss!@google.com:3000/hellothere"
  host: google.com
  port: "3000"
  username: user
  password: str0ngp@ss!
  scheme: ibm_db_sa
  database: hellothere
  connection_uri: ibm_db_sa://user:str0ngp@ss!@google.com:3000/hellothere
```
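The three credential shapes described in the Summary (separate port, attached port, single URI) and illustrated by the examples above, as a small added scanner. This is example code written for this page, not GitGuardian's detector implementation: the regular expressions, the assumed meaning of `ban_markup` (skip files with markup extensions), the extension set behind it, and the sample inputs (copied from the page's examples) are all assumptions. The lazy password match is what lets a password containing `@` (the `str0ngp@ss!` case) still parse, and the last function builds the connection string that `ibm_db.connect()` accepts, which is what a validity check would pass to the driver.

```python
"""Toy scanner for the three Db2 credential shapes documented on this page.

Added example, not GitGuardian's detector code.  The regular expressions,
the extension set used for ban_markup and the sample inputs below are
assumptions modelled on the documented examples.
"""
import re
from typing import Optional

# Shape 1 and 2: a JDBC URL plus key/value assignments.  The port is either
# attached to the host (jdbc:db2://host:port/db) or given as its own key.
JDBC_URL_RE = re.compile(
    r"jdbc:db2://(?P<host>[A-Za-z0-9._-]+)(?::(?P<port>\d{1,5}))?/(?P<database>\w+)"
)
ASSIGN_RE = re.compile(
    r"^\s*(?:[\w.]*[._])?(?P<key>port|user(?:name)?|pass(?:word)?)\s*[=:]\s*"
    r"[\"']?(?P<value>[^\"'\s]+)",
    re.IGNORECASE | re.MULTILINE,
)
# Shape 3: one URI carrying everything (db2:// or ibm_db_sa://).  The password
# is matched lazily so that an '@' inside it (str0ngp@ss!) still parses.
URI_RE = re.compile(
    r"(?P<scheme>db2|ibm_db_sa)://(?P<username>[^:/@\s\"']+):(?P<password>[^\s\"']+?)"
    r"@(?P<host>[A-Za-z0-9._-]+):(?P<port>\d{1,5})/(?P<database>\w+)"
)
# Assumed meaning of ban_markup: files with these extensions are not scanned.
MARKUP_EXTENSIONS = (".md", ".html", ".htm", ".xml", ".rst")


def detect_assignment(text: str) -> Optional[dict]:
    """Db2 assignment / assignment attached port: host, port, user and password."""
    url = JDBC_URL_RE.search(text)
    if not url:
        return None
    creds = {"host": url.group("host"), "port": url.group("port"),
             "username": None, "password": None, "database": url.group("database")}
    for m in ASSIGN_RE.finditer(text):
        key, value = m.group("key").lower(), m.group("value")
        if key == "port" and creds["port"] is None:
            creds["port"] = value
        elif key.startswith("user"):
            creds["username"] = value
        elif key.startswith("pass"):
            creds["password"] = value
    # "Minimum number of matches: 4": every field must be present to raise.
    return None if None in creds.values() else creds


def detect_uri(text: str) -> Optional[dict]:
    """Db2 uri: everything comes from a single connection URI."""
    m = URI_RE.search(text)
    if not m:
        return None
    creds = m.groupdict()
    creds["connection_uri"] = m.group(0)
    return creds


def prevalidate(text: str, filename: str, patterns, ban_markup: bool) -> bool:
    """ContentWhitelistPreValidator plus the ban_markup part of the filename banlist."""
    if ban_markup and filename.lower().endswith(MARKUP_EXTENSIONS):
        return False
    lowered = text.lower()
    return any(p in lowered for p in patterns)


def scan(text: str, filename: str = "db.properties") -> list:
    """Run the detectors with the prevalidators listed on this page."""
    findings = []
    # Assignment detectors: whitelist db2/as400, markup files skipped (ban_markup: true).
    if prevalidate(text, filename, ("db2", "as400"), ban_markup=True):
        creds = detect_assignment(text)
        if creds:
            attached = JDBC_URL_RE.search(text).group("port") is not None
            findings.append(("db2_assignment_attached_port" if attached else "db2_assignment", creds))
    # URI detector: also whitelists ibm_db_sa and scans markup (ban_markup: false).
    if prevalidate(text, filename, ("db2", "as400", "ibm_db_sa"), ban_markup=False):
        creds = detect_uri(text)
        if creds:
            findings.append(("db2_uri", creds))
    return findings


def ibm_db_connection_string(creds: dict) -> str:
    """Connection string in the form ibm_db.connect() accepts, for a validity check.
    Only built here: actually connecting is an authentication attempt against
    someone's server and is what turns a finding into a confirmed leak."""
    return (f"DATABASE={creds['database']};HOSTNAME={creds['host']};PORT={creds['port']};"
            f"PROTOCOL=TCPIP;UID={creds['username']};PWD={creds['password']};")


# Constructed samples, taken from the examples on this page.
SAMPLE_SEPARATE_PORT = (
    "db.url=jdbc:db2://google.com/dev\ndb.port=50003\n"
    "db.user=root\ndb.password=sup3rstr0ngpass\n"
)
SAMPLE_ATTACHED_PORT = (
    "db.url=jdbc:db2://google.com:50003/dev\ndb.user=root\ndb.password=sup3rstr0ngpass\n"
)
SAMPLE_URI = 'uri="ibm_db_sa://user:str0ngp@ss!@google.com:3000/hellothere"\n'

if __name__ == "__main__":
    for sample in (SAMPLE_SEPARATE_PORT, SAMPLE_ATTACHED_PORT, SAMPLE_URI):
        print(scan(sample))
    print(scan(SAMPLE_SEPARATE_PORT, "README.md"))  # assignment detectors skip markup
```

Note that the URI regex does not fire on a JDBC URL (`jdbc:db2://host:port/db` has no `user:password@` part), and the assignment detectors do not fire on the `ibm_db_sa://` sample because its content contains neither `db2` nor `as400`; the two detector families therefore do not double-report the same secret.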