Ensure database firewalls do not permit public access
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | database |
| Provider | Azure |
| Vulnerability Type | omission |
Description
The firewall rule is configured to allow public access to the Azure database by using a wide IP range (e.g., 0.0.0.0 to 255.255.255.255), exposing the database to the entire internet. This misconfiguration permits any external source to attempt connections to the database server.
Impact
Publicly exposing the database increases the risk of unauthorized access, data breaches, and potential compromise of sensitive information. Attackers could exploit the open access to exfiltrate data, disrupt database services, or launch further attacks against the organization’s infrastructure.
Resolution
Don’t use wide IP ranges for the SQL firewall.
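
One way to check exported firewall rules for this condition, as an added example that is not part of the original check. The sample rules are constructed, and the field names `startIpAddress` and `endIpAddress` and the 256-address threshold for "wide" are assumptions.

```python
import ipaddress
import json

# Constructed sample rules; names and addresses are made up for illustration.
SAMPLE_RULES = json.loads("""
[
  {"name": "allow-all", "startIpAddress": "0.0.0.0",      "endIpAddress": "255.255.255.255"},
  {"name": "office",    "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.20"},
  {"name": "half-net",  "startIpAddress": "128.0.0.0",    "endIpAddress": "255.255.255.255"},
  {"name": "reversed",  "startIpAddress": "203.0.113.9",  "endIpAddress": "203.0.113.1"}
]
""")

MAX_ADDRESSES = 256  # assumption: anything wider than a /24 needs review


def range_size(start, end):
    """Number of IPv4 addresses in the inclusive range start..end."""
    lo = int(ipaddress.IPv4Address(start))
    hi = int(ipaddress.IPv4Address(end))
    if hi < lo:
        raise ValueError(f"end {end} is below start {start}")
    return hi - lo + 1


def audit(rules, max_addresses=MAX_ADDRESSES):
    """Return (rule name, finding) pairs for rules that are public or too wide."""
    findings = []
    for rule in rules:
        name = rule["name"]
        try:
            size = range_size(rule["startIpAddress"], rule["endIpAddress"])
        except ValueError as exc:
            # Malformed or reversed ranges are reported rather than skipped.
            findings.append((name, f"invalid range: {exc}"))
            continue
        if size == 2 ** 32:
            findings.append((name, "public: covers every IPv4 address"))
        elif size > max_addresses:
            findings.append((name, f"wide: {size} addresses"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```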