DB2 Credentials
Description#
General#
- Documentation: https://www.ibm.com/support/knowledgecenter/SSEPGG
- Summary: Db2 is a family of data management products, including database servers, developed by IBM. The credentials this detector catches are used to connect to DB2 instances. The credentials can be inside a single URI or multiple parameters. The port number can be attached to the hostname or defined separately.
- IPs allowlist: This feature is not available.
- Scopes: Ranges from administration privileges to simple user rights.
Revoke the secret#
The DB2 password can be changed on the control server (see here)
Check for suspicious activity#
Db2 provides different features in order to monitor activities on the database which can, when used properly, serve to detect malicious activities (see here for more information).
Details for Db2 assignment#
Family: Database
Category: Data storage
Company: IBM
High recall: False
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 4
Occurrences found for one million commits: 2.27
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator banlist_extensions: [] banlist_filenames: [] check_binaries: false include_default_banlist_extensions: true ban_markup: true- type: ContentWhitelistPreValidator patterns: - db2 - as400
Examples#
- text: > db.url=jdbc:db2://google.com/dev db.port=50003 db.user=root db.password=sup3rstr0ngpass host: google.com port: "50003" username: root password: sup3rstr0ngpass
Details for Db2 assignment attached port#
Family: Database
Category: Data storage
Company: IBM
High recall: False
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 4
Occurrences found for one million commits: 1.51
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator banlist_extensions: [] banlist_filenames: [] check_binaries: false include_default_banlist_extensions: true ban_markup: true- type: ContentWhitelistPreValidator patterns: - db2 - as400
Examples#
- text: > db.url=jdbc:db2://google.com:50003/dev db.user=root db.password=sup3rstr0ngpass host: google.com port: "50003" username: root password: sup3rstr0ngpass
Details for Db2 uri#
Family: Database
Category: Data storage
Company: IBM
High recall: True
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 8
Occurrences found for one million commits: 7.19
Prefixed: True
PreValidators:
- type: FilenameBanlistPreValidator banlist_extensions: [] banlist_filenames: [] check_binaries: false include_default_banlist_extensions: true ban_markup: false- type: ContentWhitelistPreValidator patterns: - db2 - as400 - ibm_db_sa
Examples#
- text: > CONNECTION_URI="db2://root:m42ploz2wd@google.com:5434/hellothere" host: google.com port: "5434" username: root password: m42ploz2wd scheme: db2 database: hellothere connection_uri: db2://root:m42ploz2wd@google.com:5434/hellothere
- text: > uri="ibm_db_sa://user:str0ngp4ss@google.com:3000/hellothere" host: google.com port: "3000" username: user password: str0ngp4ss scheme: ibm_db_sa database: hellothere connection_uri: ibm_db_sa://user:str0ngp4ss@google.com:3000/hellothere
# Test special characters in password- text: > uri="ibm_db_sa://user:str0ngp@ss!@google.com:3000/hellothere" host: google.com port: "3000" username: user password: str0ngp@ss! scheme: ibm_db_sa database: hellothere connection_uri: ibm_db_sa://user:str0ngp@ss!@google.com:3000/hellothere
# Test detection in md files- text: > uri="ibm_db_sa://user:str0ngp@ss!@google.com:3000/hellothere" host: google.com port: "3000" username: user password: str0ngp@ss! scheme: ibm_db_sa database: hellothere connection_uri: ibm_db_sa://user:str0ngp@ss!@google.com:3000/hellothere filename: some_file.md