Database can be read without authentication
OWASP 2013-A2 OWASP 2017-A2 OWASP 2021-A7 OWASP PC-C3 CWE-306 WASC-01
A database is an organised collection of data that can be stored and accessed electronically. Database stores data in the form of tables. A database is organised using a DataBase Management System (DBMS). The DBMS has implemented authentication so as to block the access to the database from attackers. There are many files in the server that reveal information about the database. These files include the catalog.nsf, cersvr.ncf and so on. These files must be restricted from being accessed by an attacker. These files might reveal information like database name, user credentials and many more. This information can be used by an attacker to know more about its users. The attacker can sell the leaked information to companies that indulge in information collection. This information will help advertisement companies to personalise adverts for the users. This vulnerability will allow the following attacks:-
- Excessive privileges: When users are given unnecessary privileges to an application.
- Privilege abuse: When an attacker misuses his privileges to perform malicious activities.
- Unauthorised privilege elevation: An attacker change his low-level access to high-level access via exploiting the database management system.
- SQL injection: Here, an attacker will exploit the front-end of the application to exploit the database.
- Platform vulnerabilities: This vulnerability occurs due to the usage of a vulnerable operating system.
- And so on.
Using this vulnerability, an attacker can:-
- gain full access to the server
- perform a data breach for accessing sensitive information
- read, update and delete arbitrary data/tables from the database
- execute commands on the underlying operating system
Mitigation / Precaution
Beagle recommends the following impacts:-
- Use the latest updated version of the database.
- Secure database by not exposing it to the network.
- Restrict access to the local system.