Skip to content

Latest commit

 

History

History
112 lines (96 loc) · 8.76 KB

attack-tree.md

File metadata and controls

112 lines (96 loc) · 8.76 KB

Attack Tree Analysis for oracle/node-oracledb

Objective: To gain unauthorized access to, modify, or exfiltrate data from the Oracle Database, or to disrupt the database service, by exploiting vulnerabilities or misconfigurations in the node-oracledb driver or its usage within the application.

Attack Tree Visualization

                                      Attacker's Goal:
                                      Compromise Oracle Database via node-oracledb
                                                  |
        -------------------------------------------------------------------------------------------------
        |                                                                               |
  [HIGH-RISK] 1. SQL Injection                                                 [HIGH-RISK] 3. Credential/Configuration Attacks
        |                                                                               |
  -------------                                                                 --------------------------------
  |                                                                               |                              |
[CRITICAL] 1.1.1                                                                 [CRITICAL] 3.1.1 In Source Code         [CRITICAL] 3.2.1 Oracle Default Accounts
Direct SQL Query                                                                 |                              |
Construction                                                                    [CRITICAL] 3.1.2 In Configuration Files   [CRITICAL] 3.2.2 Easily Guessable Passwords
                                                                                |
                                                                                |
                                                                                [HIGH-RISK] 3.3 Insecure Storage of Credentials
                                                                                |
                                                                                |
                                                                                [CRITICAL] 3.3.1 Plaintext Files
                                                                                |
                                                                                [HIGH-RISK] 3.4 Credential Stuffing/Brute-Force
                                                                                |
                                                                                [CRITICAL] 3.4.1 Weak Password Policies
                                                                                |
                                                                                [CRITICAL] 3.4.2 Lack of Account Lockout

        |
  [HIGH-RISK] 5.  Privilege Escalation (via Database)
        |
  -------------------------------------------------
  |                                               |
[HIGH-RISK] 5.1 Exploiting Oracle DB Vulnerabilities       [HIGH-RISK] 5.2 Misconfigured Database Permissions
  |                                               |
  |                                               |
[CRITICAL] 5.1.1 Unpatched Oracle DB Instance             [CRITICAL] 5.2.1 Excessive Privileges Granted to Application User

        |
  [HIGH-RISK] 6.  Man-in-the-Middle (MITM) Attacks (if TLS misconfigured)
        |
  -------------------------------------------------
  |
[HIGH-RISK] 6.1  Intercepting/Modifying Database Traffic
  |
  |
[CRITICAL] 6.1.1  Missing or Invalid TLS Certificates

Attack Tree Path: 1. SQL Injection [HIGH-RISK]

  • Description: Attackers inject malicious SQL code into database queries through application inputs. This is a classic and highly effective attack if input validation and parameterized queries are not used correctly.
  • Critical Node:
    • 1.1.1 Direct SQL Query Construction:
      • Description: The application constructs SQL queries by directly concatenating user-provided input with SQL strings, without using bind variables. This is the most severe form of SQL injection.
      • Example: query = "SELECT * FROM users WHERE username = '" + userInput + "'";
      • Mitigation: Always use parameterized queries (bind variables) with node-oracledb. Never construct SQL queries by concatenating strings. Use input validation as defense-in-depth, but not as a replacement for bind variables.

Attack Tree Path: 3. Credential/Configuration Attacks [HIGH-RISK]

  • Description: Attackers gain access to database credentials through various insecure practices.

  • Critical Nodes:

    • 3.1.1 In Source Code:
      • Description: Database credentials are hardcoded directly within the application's source code.
      • Mitigation: Never store credentials in source code. Use environment variables, a secure configuration management system, or a dedicated secrets management solution.
    • 3.1.2 In Configuration Files:
      • Description: Credentials are stored in unencrypted configuration files.
      • Mitigation: Never store credentials in unencrypted files. Use encrypted configuration files or a secrets management solution.
    • 3.2.1 Oracle Default Accounts:
      • Description: The application uses default Oracle accounts (e.g., SYS, SYSTEM) with their default passwords unchanged.
      • Mitigation: Change default passwords immediately after installation. Use dedicated, non-privileged accounts for applications.
    • 3.2.2 Easily Guessable Passwords:
      • Description: The application uses weak or easily guessable passwords for database accounts.
      • Mitigation: Enforce strong password policies (length, complexity, rotation).
    • 3.3.1 Plaintext Files:
      • Description: Credentials stored in unencrypted plain text files.
      • Mitigation: Never store credentials in plain text. Use a secure secrets management solution.
    • 3.4.1 Weak Password Policies:
      • Description: The application or database allows users to set weak passwords.
      • Mitigation: Enforce strong password policies, including minimum length, complexity requirements (uppercase, lowercase, numbers, symbols), and regular password changes.
    • 3.4.2 Lack of Account Lockout:
      • Description: The application or database does not lock accounts after a certain number of failed login attempts.
      • Mitigation: Implement account lockout mechanisms to prevent brute-force attacks.

  • High-Risk Sub-Paths:

    • 3.3 Insecure Storage of Credentials: This encompasses various ways credentials can be exposed if not properly secured.
    • 3.4 Credential Stuffing/Brute-Force: This attack vector becomes highly effective if weak passwords are allowed and there's no account lockout.

Attack Tree Path: 5. Privilege Escalation (via Database) [HIGH-RISK]

  • Description: Attackers exploit vulnerabilities or misconfigurations within the Oracle Database to gain higher privileges than initially granted.
  • Critical Nodes:
    • 5.1.1 Unpatched Oracle DB Instance:
      • Description: The Oracle Database server is running an outdated version with known security vulnerabilities.
      • Mitigation: Keep the Oracle Database instance patched and up-to-date. Regularly apply security patches.
    • 5.2.1 Excessive Privileges Granted to Application User:
      • Description: The database user account used by the application has more privileges than necessary for its intended functionality.
      • Mitigation: Follow the principle of least privilege. Grant the application's database user only the minimum necessary permissions. Use roles and fine-grained access control.

Attack Tree Path: 6. Man-in-the-Middle (MITM) Attacks (if TLS misconfigured) [HIGH-RISK]

  • Description: Attackers intercept and potentially modify the communication between the application and the database server. This is possible if TLS/SSL is not used or is misconfigured.
  • Critical Node:
    • 6.1.1 Missing or Invalid TLS Certificates:
      • Description: The database connection is not using TLS, or the TLS certificate is invalid (expired, self-signed without proper trust, etc.).
      • Mitigation: Always use TLS/SSL for database connections. Configure node-oracledb to use a secure connection string. Verify the database server's certificate. Use strong cipher suites.