Better open database port messages (#1143)
kazet authored Jul 11, 2024
1 parent 4eb673d commit 51bcf17
Showing 7 changed files with 82 additions and 26 deletions.
2 changes: 1 addition & 1 deletion artemis/config.py
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ class Reporting:
MIN_DAYS_BETWEEN_REMINDERS__SEVERITY_LOW: Annotated[
int,
"If a low-severity report has already been seen earlier - how much time needs to pass for a second report to be generated.",
] = get_config("MIN_DAYS_BETWEEN_REMINDERS__SEVERITY_LOW", default=8 * 30, cast=int)
] = get_config("MIN_DAYS_BETWEEN_REMINDERS__SEVERITY_LOW", default=18 * 30, cast=int)

MIN_DAYS_BETWEEN_REMINDERS__SEVERITY_MEDIUM: Annotated[
int,
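Review bot: The new default `18 * 30` for MIN_DAYS_BETWEEN_REMINDERS__SEVERITY_LOW is unrelated to the commit title ("Better open database port messages") and raises the reminder interval from 240 to 540 days, so a repeated low-severity finding would be re-reported only about once every year and a half. If that is intended, mention it in the commit message or split it into its own commit; if `18` is a typo for `8`, revert it.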
Expand Down
Original file line number Diff line number Diff line change
@@ -1,11 +1,16 @@
{% if "nuclei_exposed_panel" in data.contains_type %}
{% set contains_db_admin = namespace(data=0) %}

<li>{% trans %}The following addresses contain login panels, analytics services, management panels etc.:{% endtrans %}
<ul>
{% for report in data.reports %}
{% if report.report_type == "nuclei_exposed_panel" %}
<li>
{{ report.target }}: {{ report.additional_data.description_translated }}
{{ report_meta(report) }}
{% if 'phpmyadmin' in report.target.lower() or 'phpppgadmin' in report.target.lower() %}
{% set contains_db_admin.data = 1 %}
{% endif %}
</li>
{% endif %}
{% endfor %}
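Review bot: The second substring in the `{% if %}` check is spelled `'phpppgadmin'` (three p's), so a phpPgAdmin target never matches and `contains_db_admin.data` stays 0 for it; it should read `'phppgadmin'`. Matching on `report.target.lower()` also only catches panels whose URL contains the product name, so a panel served from a renamed path will not trigger the extra paragraph. If the report carries the name of the matched detection template, testing that would be more reliable than testing the URL.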
Expand All @@ -17,6 +22,16 @@
recommend to have as few such publicly accessible services as possible.
{% endtrans %}
</p>
{% if contains_db_admin.data %}
<p>
{% trans trimmed %}
A password leak may be caused by an accidentally exposed configuration file such as a backup of
<tt>/wp-config.php</tt> or by a local file inclusion vulnerability. Such mistakes are
frequent, and lack of publicly exposed database management panels makes it significantly
harder to perform an attack.
{% endtrans %}
</p>
{% endif %}
<p>
{% trans trimmed %}
We recommend that such resources are only available in an internal network, using a VPN
Expand Down
Original file line number Diff line number Diff line change
@@ -1,18 +1,27 @@
#: artemis/reporting/modules/nuclei/template_nuclei_exposed_panel.jinja2:2
#: artemis/reporting/modules/nuclei/template_nuclei_exposed_panel.jinja2:4
msgid ""
"The following addresses contain login panels, analytics services, "
"management panels etc.:"
msgstr ""

#: artemis/reporting/modules/nuclei/template_nuclei_exposed_panel.jinja2:14
#: artemis/reporting/modules/nuclei/template_nuclei_exposed_panel.jinja2:19
msgid ""
"To decrease the probability of an attack (caused by an attacker using a "
"leaked password, by one of the accounts having a weak password, or by "
"vulnerabilities in the service), we recommend to have as few such "
"publicly accessible services as possible."
msgstr ""

#: artemis/reporting/modules/nuclei/template_nuclei_exposed_panel.jinja2:21
#: artemis/reporting/modules/nuclei/template_nuclei_exposed_panel.jinja2:27
msgid ""
"A password leak may be caused by an accidentally exposed configuration "
"file such as a backup of <tt>/wp-config.php</tt> or by a local file "
"inclusion vulnerability. Such mistakes are frequent, and lack of publicly"
" exposed database management panels makes it significantly harder to "
"perform an attack."
msgstr ""

#: artemis/reporting/modules/nuclei/template_nuclei_exposed_panel.jinja2:36
msgid ""
"We recommend that such resources are only available in an internal "
"network, using a VPN or from a restricted set of IP addresses."
Expand Down
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
#: artemis/reporting/modules/nuclei/template_nuclei_exposed_panel.jinja2:2
#: artemis/reporting/modules/nuclei/template_nuclei_exposed_panel.jinja2:4
msgid ""
"The following addresses contain login panels, analytics services, "
"management panels etc.:"
msgstr ""
"Poniższe adresy zawierają zasoby takie jak panele logowania, narzędzia "
"analityczne, panele administracyjne itp.:"

#: artemis/reporting/modules/nuclei/template_nuclei_exposed_panel.jinja2:14
#: artemis/reporting/modules/nuclei/template_nuclei_exposed_panel.jinja2:19
msgid ""
"To decrease the probability of an attack (caused by an attacker using a "
"leaked password, by one of the accounts having a weak password, or by "
Expand All @@ -18,7 +18,23 @@ msgstr ""
"usłudze) rekomendujemy, aby jak najmniej takich zasobów było dostępnych "
"publicznie."

#: artemis/reporting/modules/nuclei/template_nuclei_exposed_panel.jinja2:21
#: artemis/reporting/modules/nuclei/template_nuclei_exposed_panel.jinja2:27
msgid ""
"A password leak may be caused by an accidentally exposed configuration "
"file such as a backup of <tt>/wp-config.php</tt> or by a local file "
"inclusion vulnerability. Such mistakes are frequent, and lack of publicly"
" exposed database management panels makes it significantly harder to "
"perform an attack."
msgstr ""
"Do wycieku hasła może dojść np. gdy kopia zapasowa pliku "
"konfiguracyjnego takiego jak <tt>/wp.config.php</tt> zostanie przypadkowo"
" upubliczniona, lub gdy zostanie wykorzystana podatność w aplikacji "
"pozwalająca na odczyt plików. Z doświadczeń CERT Polska w obsłudze "
"incydentów wynika, że takie błędy są częste, a brak publicznie dostępnego"
" panelu zarządzania bazą danych znacząco utrudnia atakującym dalsze "
"prowadzenie ataku."

#: artemis/reporting/modules/nuclei/template_nuclei_exposed_panel.jinja2:36
msgid ""
"We recommend that such resources are only available in an internal "
"network, using a VPN or from a restricted set of IP addresses."
Expand Down
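Review bot: In the new Polish msgstr the file name is written `<tt>/wp.config.php</tt>` (with a dot), while the msgid has `<tt>/wp-config.php</tt>` (with a hyphen); the translation should use the hyphenated name. The msgstr also attributes the statement to CERT Polska's incident-handling experience ("Z doświadczeń CERT Polska w obsłudze incydentów wynika, że takie błędy są częste"), which the English msgid does not say. Either add that attribution to the source string or drop it from the translation so both languages make the same claim.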
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,13 @@
</ul>
<p>
{% trans trimmed %}
Databases shouldn't be publicly available - an attack is possible when the password
leaks (e.g. because of an exposed configuration file such as a backup of <tt>/wp-config.php</tt>).
The recommended configuration is to make the database
available to the application locally or using an internal network.
We do not recommend database ports to be publicly available - although they require correct username
and password to login, an attack is possible when the password leaks or is too simple.
A password leak may be caused e.g. by an accidentally exposed configuration file such as a backup of
<tt>/wp-config.php</tt> or by a local file inclusion vulnerability. Such mistakes are frequent, and lack of publicly exposed
database ports makes it significantly harder to perform an attack.

The recommended configuration is to make the database available to the application locally or using an internal network.
{% endtrans %}
</p>
</li>
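Review bot: The blank line before "The recommended configuration is ..." sits inside `{% trans trimmed %}`, where `trimmed` collapses line breaks into single spaces, so it produces no paragraph break; the extracted msgid in the catalog hunks runs "... perform an attack. The recommended configuration ..." together as one string. If a separate paragraph is wanted, close the `<p>` and put the recommendation in its own `<p>` with its own `{% trans trimmed %}` block; otherwise remove the blank line. A wording point in the same string: "to login" should be "to log in", and fixing it here also fixes the msgid that translators see.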
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,11 +9,15 @@ msgstr ""

#: artemis/reporting/modules/port_scanner/template_open_port_database.jinja2:14
msgid ""
"Databases shouldn't be publicly available - an attack is possible when "
"the password leaks (e.g. because of an exposed configuration file such as"
" a backup of <tt>/wp-config.php</tt>). The recommended configuration is "
"to make the database available to the application locally or using an "
"internal network."
"We do not recommend database ports to be publicly available - although "
"they require correct username and password to login, an attack is "
"possible when the password leaks or is too simple. A password leak may be"
" caused e.g. by an accidentally exposed configuration file such as a "
"backup of <tt>/wp-config.php</tt> or by a local file inclusion "
"vulnerability. Such mistakes are frequent, and lack of publicly exposed "
"database ports makes it significantly harder to perform an attack. The "
"recommended configuration is to make the database available to the "
"application locally or using an internal network."
msgstr ""

#: artemis/reporting/modules/port_scanner/template_open_port_remote_desktop.jinja2:2
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,17 +9,26 @@ msgstr "domena: "

#: artemis/reporting/modules/port_scanner/template_open_port_database.jinja2:14
msgid ""
"Databases shouldn't be publicly available - an attack is possible when "
"the password leaks (e.g. because of an exposed configuration file such as"
" a backup of <tt>/wp-config.php</tt>). The recommended configuration is "
"to make the database available to the application locally or using an "
"internal network."
"We do not recommend database ports to be publicly available - although "
"they require correct username and password to login, an attack is "
"possible when the password leaks or is too simple. A password leak may be"
" caused e.g. by an accidentally exposed configuration file such as a "
"backup of <tt>/wp-config.php</tt> or by a local file inclusion "
"vulnerability. Such mistakes are frequent, and lack of publicly exposed "
"database ports makes it significantly harder to perform an attack. The "
"recommended configuration is to make the database available to the "
"application locally or using an internal network."
msgstr ""
"Bazy danych nie powinny być publicznie dostępne - atak jest możliwy np. "
"gdy hasło wycieknie (np. gdy kopia zapasowa pliku konfiguracyjnego "
"takiego jak <tt>/wp.config.php</tt> zostanie przypadkowo upubliczniona). "
"Zalecamy, aby baza danych była dostępna tylko lokalnie lub w sieci "
"wewnętrznej."
"Nie rekomendujemy, aby porty baz danych były publicznie dostępne - "
"logowanie wymaga podania nazwy użytkownika i hasła, lecz atak jest "
"możliwy gdy hasło wycieknie, lub jest zbyt małej złożoności. Do wycieku "
"hasła może dojść np. gdy kopia zapasowa pliku konfiguracyjnego takiego "
"jak <tt>/wp.config.php</tt> zostanie przypadkowo upubliczniona, lub gdy "
"zostanie wykorzystana podatność w aplikacji pozwalająca na odczyt plików."
" Z doświadczeń CERT Polska w obsłudze incydentów wynika, że takie błędy "
"są częste, a brak publicznie dostępnego panelu zarządzania bazą danych "
"znacząco utrudnia atakującym dalsze prowadzenie ataku. Zalecamy, aby baza"
" danych była dostępna tylko lokalnie lub w sieci wewnętrznej."

#: artemis/reporting/modules/port_scanner/template_open_port_remote_desktop.jinja2:2
msgid "The following servers have remote desktop ports open:"
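Review bot: The updated Polish msgstr for the database port message says "brak publicznie dostępnego panelu zarządzania bazą danych" (no publicly available database management panel), but the msgid speaks of "publicly exposed database ports"; the sentence appears to have been copied from the exposed panel template and should refer to database ports here. The file name is also still written `<tt>/wp.config.php</tt>` in the msgstr, while the msgid has `<tt>/wp-config.php</tt>`. As in the panel translation, the CERT Polska attribution ("Z doświadczeń CERT Polska w obsłudze incydentów wynika") has no counterpart in the English source string.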
Expand Down
