DB2 Credentials
Description
General
- Documentation: https://www.ibm.com/support/knowledgecenter/SSEPGG
- Summary: Db2 is a family of data management products, including database servers, developed by IBM. The credentials this detector catches are used to connect to DB2 instances. The credentials can be inside a single URI or multiple parameters. The port number can be attached to the hostname or defined separately.
- IPs allowlist: This feature is not available.
- Scopes: Ranges from administration privileges to simple user rights.
Revoke the secret
The DB2 password can be changed on the control server (see here)
Check for suspicious activity
Db2 provides different features in order to monitor activities on the database which can, when used properly, serve to detect malicious activities (see here for more information).
Details for Db2 assignment
Family: Database
Category: Data storage
Company: IBM
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: False
Minimum number of matches: 4
Occurrences found for one million commits: 0.24
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: true
- type: ContentWhitelistPreValidator
patterns:
- db2
- as400
Examples
- text: |
db.url=jdbc:db2://google.com/dev
db.port=50003
db.user=root
db.password=sup3rstr0ngpass
host: google.com
port: '50003'
username: root
password: sup3rstr0ngpass
Details for Db2 assignment attached port
Family: Database
Category: Data storage
Company: IBM
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: False
Minimum number of matches: 4
Occurrences found for one million commits: 1.51
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: true
- type: ContentWhitelistPreValidator
patterns:
- db2
- as400
Examples
- text: |
db.url=jdbc:db2://google.com:50003/dev
db.user=root
db.password=sup3rstr0ngpass
host: google.com
port: '50003'
username: root
password: sup3rstr0ngpass
Details for Db2 uri
Family: Database
Category: Data storage
Company: IBM
High recall: True
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: False
Minimum number of matches: 5
Occurrences found for one million commits: 0.72
Prefixed: True
PreValidators:
- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: false
- type: ContentWhitelistPreValidator
patterns:
- db2
- as400
- ibm_db_sa
Examples
- text: |
CONNECTION_URI="db2://root:m42ploz2wd@google.com:5434/hellothere"
host: google.com
port: '5434'
username: root
password: m42ploz2wd
scheme: db2
database: hellothere
connection_uri: db2://root:m42ploz2wd@google.com:5434/hellothere
- text: |
uri="ibm_db_sa://user:str0ngp4ss@google.com:3000/hellothere"
host: google.com
port: '3000'
username: user
password: str0ngp4ss
scheme: ibm_db_sa
database: hellothere
connection_uri: ibm_db_sa://user:str0ngp4ss@google.com:3000/hellothere
# Test special characters in password
- text: |
uri="ibm_db_sa://user:str0ngp@ss!@google.com:3000/hellothere"
host: google.com
port: '3000'
username: user
password: str0ngp@ss!
scheme: ibm_db_sa
database: hellothere
connection_uri: ibm_db_sa://user:str0ngp@ss!@google.com:3000/hellothere
# Test detection in md files
- text: |
uri="ibm_db_sa://user:str0ngp@ss!@google.com:3000/hellothere"
host: google.com
port: '3000'
username: user
password: str0ngp@ss!
scheme: ibm_db_sa
database: hellothere
connection_uri: ibm_db_sa://user:str0ngp@ss!@google.com:3000/hellothere
