0

I would like to get an expert opinion on how dangerous it is to have the database server name, SQL Server instance and port number compromised by accidentally exposing them in a source code snippet posted on the internet.

A connection string was accidentally posted on the internet with the username and password masked but the server name and sqlserver port number remaining in open text. The posted info contained the following:

sub.server.domain.tld/SqlServerXXXX;12345; User Id="MASKED" Password="MASKED" Initial Catalog="MASKED" 

This Windows server is on a large corporate network Active Directory domain and is not public-facing, so it’s behind a standard set of firewalls, etc. It currently hosts a development database for an internal intranet website. The domain.tld is the same as the company web address.

So basically a potential attacker knows that a server named "sub.server.domain.tld" exists with SQL Server database(s) listening on port 12345 on the corporate network owned by the company "domain.tld".

  • What can they do with this kind of info?

  • How much danger is this server in? Should it be disconnected and burnt immediately?

  • Is there a danger to other computers on the network?

schroeder
Paceman

2 Answers

4

Sounds to me that what was leaked is only information obtainable by a simple nmap scan.

If the security of your system depended on that staying private, you might have an issue in your approach anyway.

As long as the credentials were not leaked and your db server has good access control rules, I wouldn't worry.

I mean, think about it: if the db should be tapped by different services inside your company, then the "leaked" info is not secret anyway. If the db is used only by specific services, then access to it should be explicitly limited to those whitelisted IPs or subnets.

daniel f.
3

Because this is an internal server, the potential here is that you have leaked some information about how your organization configures internal DNS and SQL servers.

This is not a danger to this particular server (no need to burn it) but gives a glimpse into the inner workings of your company.

If an attacker was already in your network, then this info would be exposed anyway, but it could (potentially) help a determined attacker to gain access to your network.

It's a good idea to keep this kind of info confidential, but exposing this info doesn't mean you've opened the door to 'hackers'.

schroeder
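As an added example (not part of either answer), here is a pre-posting check that finds and redacts SQL Server endpoints and unmasked credentials in a snippet, covering both the bare `host/instance;port` shape from the question and the usual `Server=...` key form, which goes beyond the single case in the question. The function name `redact`, the host `db01.corp.example` and the credentials in the sample are constructed for illustration.

```python
import re

# Connection-string keys that name the server endpoint, and credential keys.
ENDPOINT_KEYS = r"(?:Data Source|Server|Address|Addr|Network Address)"
SECRET_KEYS = r"(?:Password|Pwd|User Id|UID)"

# key=value form; the value is a quoted string or runs up to the next ';' or quote.
KEYED = re.compile(
    rf"\b({ENDPOINT_KEYS}|{SECRET_KEYS})(\s*=\s*)(\"[^\"]*\"|'[^']*'|[^;\r\n\"']+)", re.I)
# Bare form as in the question: host.domain.tld[/instance];port
# A port is required so that "using System.Data.SqlClient;" is not flagged.
BARE = re.compile(
    r"\b(?:[a-z0-9-]+\.){2,}[a-z]{2,}(?:[/\\][\w$]+)?[ \t]*[;,][ \t]*\d{2,5}\b", re.I)
# Values the author has already masked are left alone.
PLACEHOLDER = re.compile(r"^[\"']?(?:MASKED|REDACTED|\*+|<[^>]*>)[\"']?$", re.I)

def redact(text):
    """Return (redacted_text, findings); findings are (kind, leaked_value) pairs."""
    findings = []

    def keyed(m):
        key, sep, val = m.group(1), m.group(2), m.group(3).strip()
        if PLACEHOLDER.match(val):
            return m.group(0)
        kind = "endpoint" if re.fullmatch(ENDPOINT_KEYS, key, re.I) else "credential"
        findings.append((kind, val))
        return f"{key}{sep}<REDACTED>"

    def bare(m):
        findings.append(("endpoint", m.group(0)))
        return "<REDACTED-ENDPOINT>"

    text = KEYED.sub(keyed, text)   # keyed values first
    text = BARE.sub(bare, text)     # then any bare endpoint that is left
    return text, findings

# Constructed sample: line 2 is invented, line 3 is the string from the question.
SAMPLE = r'''using System.Data.SqlClient;
var cs = "Server=db01.corp.example\\DEV01,12345;Database=app;User Id=svc;Password=hunter2";
sub.server.domain.tld/SqlServerXXXX;12345; User Id="MASKED" Password="MASKED" Initial Catalog="MASKED"
'''

if __name__ == "__main__":
    cleaned, found = redact(SAMPLE)
    print(cleaned)
    for kind, value in found:
        print(f"{kind}: {value}")
```

The bare pattern only matches names with an alphabetic top-level label, so endpoints written as IP addresses need a separate rule.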