SYM_CONF_0163 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-284: Improper Access Control |
OWASP | A05:2017 - Broken Access Control |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
The firewall rule allows incoming traffic from any IP address (0.0.0.0/0) to port 3306, which is used by MySQL. This exposes your database to the public internet and makes it accessible to anyone.
Impact
Attackers could attempt to connect directly to your MySQL database, potentially leading to unauthorized data access, data breaches, or database compromise. This significantly increases the risk of credential brute-forcing and exploitation of database vulnerabilities.
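A check for the condition described above, as an added example (not part of the rule's own implementation). The rule schema, field names and sample rules are hypothetical and constructed for illustration. It generalizes slightly beyond the description by also treating `::/0`, port ranges that contain 3306, and rules with no port restriction as matches.

```python
import ipaddress

MYSQL_PORT = 3306  # port named in the rule description

def is_any_source(cidr):
    """True for 0.0.0.0/0 (and the IPv6 equivalent ::/0)."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False  # unparseable source: not treated as "any"

def covers_port(spec, port=MYSQL_PORT):
    """True if a port spec ("3306", "3000-4000", or "" for all ports) includes port."""
    spec = str(spec).strip()
    if spec in ("", "all"):
        return True
    low, _, high = spec.partition("-")
    try:
        return int(low) <= port <= int(high or low)
    except ValueError:
        return False

def exposed_mysql_rules(rules):
    """Return names of ingress allow rules that open MySQL to any address."""
    findings = []
    for rule in rules:
        if rule.get("direction", "ingress") != "ingress" or rule.get("action", "allow") != "allow":
            continue
        if rule.get("protocol", "tcp") not in ("tcp", "all"):
            continue
        open_source = any(is_any_source(c) for c in rule.get("sources", []))
        ports = rule.get("ports") or [""]  # no ports listed means every port
        if open_source and any(covers_port(p) for p in ports):
            findings.append(rule["name"])
    return findings

# Constructed sample rules in a hypothetical, provider-neutral schema.
SAMPLE_RULES = [
    {"name": "mysql-public", "sources": ["0.0.0.0/0"], "ports": ["3306"]},
    {"name": "mysql-app-subnet", "sources": ["10.0.1.0/24"], "ports": ["3306"]},
    {"name": "wide-range-public", "sources": ["0.0.0.0/0"], "ports": ["3000-4000"]},
    {"name": "https-public", "sources": ["0.0.0.0/0"], "ports": ["443"]},
    {"name": "mysql-egress", "direction": "egress", "sources": ["0.0.0.0/0"], "ports": ["3306"]},
]

if __name__ == "__main__":
    print(exposed_mysql_rules(SAMPLE_RULES))
```

Restricting `sources` to the application subnet, as in the `mysql-app-subnet` sample, is the form that passes the check.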