Improper Access Control
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The SQL database firewall is configured to allow connections from any IP address (0.0.0.0/0), exposing the database to the entire internet. This removes any network-level restriction on who can access the database instance.
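One way to check exported firewall rules for this condition, as an added example that is not part of the scanner's own rule code. It assumes the allow list of each database instance is available as CIDR strings; the instance names and rule lists are constructed sample data. It goes slightly beyond the literal `0.0.0.0/0` case by also catching allow lists that cover the whole address space through several narrower rules, and the IPv6 equivalent `::/0`.

```python
import ipaddress


def open_to_internet(allowed_cidrs):
    """Return the address families ("IPv4", "IPv6") that the allow list covers entirely."""
    by_version = {4: [], 6: []}
    for cidr in allowed_cidrs:
        # strict=False normalizes entries with host bits set, e.g. 10.1.2.3/0 -> 0.0.0.0/0
        net = ipaddress.ip_network(cidr, strict=False)
        by_version[net.version].append(net)

    exposed = []
    for version, nets in by_version.items():
        # collapse_addresses merges adjacent and overlapping ranges, so split
        # rules such as 0.0.0.0/1 + 128.0.0.0/1 reduce to a single /0 network.
        if any(n.prefixlen == 0 for n in ipaddress.collapse_addresses(nets)):
            exposed.append(f"IPv{version}")
    return exposed


def audit(instances):
    """Map each instance name to the families it exposes; omit restricted instances."""
    findings = {}
    for name, cidrs in instances.items():
        exposed = open_to_internet(cidrs)
        if exposed:
            findings[name] = exposed
    return findings


# Constructed sample data: instance name -> firewall allow list.
SAMPLE_RULES = {
    "db-open": ["0.0.0.0/0"],
    "db-split": ["0.0.0.0/1", "128.0.0.0/1"],
    "db-hostbits": ["10.1.2.3/0"],
    "db-v6": ["::/0", "203.0.113.0/24"],
    "db-restricted": ["203.0.113.0/24", "198.51.100.7/32"],
}

if __name__ == "__main__":
    for name, families in audit(SAMPLE_RULES).items():
        print(f"{name}: firewall allows all {', '.join(families)} addresses")
```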
Impact
If exploited, anyone on the internet could attempt to connect to your database, increasing the risk of unauthorized data access, brute-force attacks, or compromise of sensitive information. This could lead to data breaches, service disruption, or further attacks against your environment.