Objective: Exfiltrate sensitive data stored in the TiDB cluster, or disrupt the availability of the TiDB cluster (Denial of Service), or gain unauthorized control over the TiDB cluster.
+-------------------------------------------------+
| Compromise TiDB-based Application (Exfiltration/DoS/Control) |
+-------------------------------------------------+
|
+-----------------------------------------------------------------------------------------------------------------+
| |
+-------------------------+ +-------------------------+ +-------------------------+
| 1. Data Exfiltration | | 2. Denial of Service | | 3. Gain Control |
+-------------------------+ +-------------------------+ +-------------------------+
| | |
+---------------------+---------------------+ +-----+-----+-----+ +-----+-----+
| 1.1 SQL Injection | 1.2 Compromise | | 2.1 | | 2.3 | | 3.1 | 3.2 |
| (TiDB Specific) | TiDB Client | |Resource| |Network| |Weak |Config|
+---------------------+---------------------+ |Exhaust| |Flooding| |Cred |Vulner|
| | | | | | |abilities|
+---------------------+ +-----+-----+-----+ +-----+-----+
|1.1.2 Misconfigured| |2.1.1| |2.3.1|
|Permissions/LPV | |CPU | |Network|
+---------------------+ | | |Flood |
| +-----+-----+-----+
+---------------------+
|1.2 Compromise |
| TiDB Client |
+---------------------+
|
+---------------------+
|3.1 Weak Credentials|
| /Auth Bypass |
+---------------------+
|
+---------------------+
|3.2 Configuration |
|Vulnerabilities |
+---------------------+
Attack Tree Path: 1. Data Exfiltration
-
1.1 SQL Injection (TiDB Specific):
- 1.1.2 Misconfigured Permissions/Least Privilege Violation:
- Description: Database users have excessive privileges, allowing even limited SQL injection vulnerabilities to be exploited for data exfiltration. This is a common and critical vulnerability.
- Likelihood: Medium
- Impact: Medium to High
- Effort: Low
- Skill Level: Beginner/Intermediate
- Detection Difficulty: Medium
- Mitigation:
- Strictly adhere to the principle of least privilege.
- Create database users with only the necessary permissions.
- Regularly audit user permissions and roles.
- Use TiDB's built-in RBAC features.
- 1.1.2 Misconfigured Permissions/Least Privilege Violation:
-
1.2 Compromise TiDB Client:
- Description: An attacker gains control of a legitimate client application (e.g., through a web application vulnerability), allowing them to use the client's credentials to access and exfiltrate data from TiDB.
- Likelihood: Medium
- Impact: High
- Effort: Varies greatly (depends on the client vulnerability)
- Skill Level: Varies greatly (depends on the client vulnerability)
- Detection Difficulty: Medium to Hard
- Mitigation:
- Secure the entire application stack, not just TiDB.
- Implement strong authentication and authorization for client applications.
- Use network segmentation.
- Monitor client connections for anomalous behavior.
Attack Tree Path: 2. Denial of Service (DoS)
-
2.1 Resource Exhaustion:
- 2.1.1 CPU Exhaustion:
- Description: An attacker sends complex, computationally expensive queries to overload the TiDB server's CPU, making the database unavailable.
- Likelihood: Medium
- Impact: High
- Effort: Low to Medium
- Skill Level: Beginner/Intermediate
- Detection Difficulty: Easy
- Mitigation:
- Implement query cost limits in TiDB.
- Monitor CPU usage and set up alerts.
- Use TiDB's slow query log.
- Consider a load balancer.
- 2.1.1 CPU Exhaustion:
-
2.3 Network Flooding:
- 2.3.1 Network Flood:
- Description: An attacker floods the network with requests to TiDB, overwhelming the network infrastructure and preventing legitimate access.
- Likelihood: Medium
- Impact: High
- Effort: Low
- Skill Level: Script Kiddie/Beginner
- Detection Difficulty: Easy
- Mitigation:
- Implement network-level DDoS protection (firewalls, IDPS).
- Use a Content Delivery Network (CDN).
- 2.3.1 Network Flood:
Attack Tree Path: 3. Gain Control
-
3.1 Weak Credentials/Authentication Bypass:
- Description: TiDB is configured with weak, default, or easily guessable credentials, allowing an attacker to gain direct access.
- Likelihood: Low (should be mitigated by policy)
- Impact: Very High
- Effort: Very Low
- Skill Level: Script Kiddie
- Detection Difficulty: Medium
- Mitigation:
- Use strong, unique passwords.
- Implement multi-factor authentication (MFA).
- Regularly rotate passwords.
- Disable default accounts.
-
3.2 Configuration Vulnerabilities:
- Description: Misconfigurations in TiDB (e.g., exposed management interface, insecure settings) allow an attacker to gain control.
- Likelihood: Low to Medium
- Impact: Very High
- Effort: Low to Medium
- Skill Level: Intermediate
- Detection Difficulty: Medium
- Mitigation:
- Follow TiDB's security best practices.
- Regularly audit the TiDB configuration.
- Use a configuration management tool.
- Restrict access to the management interface.