Attack Surface: Unprotected HTTP API
Description: InfluxDB's HTTP API, used for data interaction, is exposed without encryption. InfluxDB Contribution: InfluxDB's default configuration allows HTTP API access over unencrypted connections. Example: Credentials sent via Basic Authentication over HTTP are intercepted by a network attacker. Query results containing sensitive data are also exposed in transit. Impact: Data breaches, credential theft, data manipulation, loss of confidentiality and integrity. Risk Severity: High Mitigation Strategies: * Enable HTTPS: Configure InfluxDB to use TLS/SSL for all HTTP API communication. * Disable HTTP if possible: If HTTPS is enabled, disable the HTTP port to force encrypted communication.
Attack Surface: Exposed Ports
Description: InfluxDB ports (e.g., 8086, 8088) are accessible from the internet or untrusted networks. InfluxDB Contribution: InfluxDB listens on default ports which might be inadvertently exposed during deployment. Example: An attacker from the internet directly accesses the InfluxDB HTTP API on port 8086 and attempts brute-force authentication or exploits a known vulnerability. Impact: Unauthorized access, data breaches, data manipulation, denial of service, potential system compromise. Risk Severity: High Mitigation Strategies: * Firewall Configuration: Implement strict firewall rules to restrict access to InfluxDB ports only from trusted sources (e.g., application servers). * Network Segmentation: Deploy InfluxDB within a private network, inaccessible from the public internet.
Attack Surface: Weak or Default Credentials
Description: InfluxDB is configured with default or easily guessable usernames and passwords. InfluxDB Contribution: InfluxDB allows for user creation and authentication, but relies on users to set strong credentials. Example: An administrator uses "admin/admin" as credentials for the InfluxDB admin user. An attacker uses these default credentials to gain full administrative access. Impact: Unauthorized access, data breaches, data manipulation, denial of service, complete system compromise. Risk Severity: Critical Mitigation Strategies: * Strong Password Policy: Enforce strong, unique passwords for all InfluxDB users. * Credential Management: Use a secure password management system to generate and store credentials. * Regular Password Rotation: Implement a policy for regular password changes. * Disable Default Accounts: If possible, disable or rename default administrative accounts.
Attack Surface: InfluxQL/Flux Injection
Description: User-provided input is directly embedded into InfluxQL or Flux queries without proper sanitization. InfluxDB Contribution: InfluxDB uses InfluxQL and Flux as query languages, which can be vulnerable to injection if not handled carefully. Example: An application takes user input for a tag value and directly inserts it into an InfluxQL query. An attacker crafts a malicious input that modifies the query's intent, potentially extracting unauthorized data. Impact: Data breaches, data manipulation, unauthorized actions, potential for privilege escalation. Risk Severity: High Mitigation Strategies: * Input Sanitization: Sanitize and validate all user-provided input before incorporating it into queries. * Parameterized Queries (if available and applicable): Use parameterized queries or prepared statements if supported by the InfluxDB client library to separate query structure from user data. * Principle of Least Privilege: Grant users only the necessary permissions to access and query data.
Attack Surface: Misconfigurations
Description: InfluxDB is improperly configured, leading to security weaknesses. InfluxDB Contribution: InfluxDB offers various configuration options, and incorrect settings can create vulnerabilities. Example: Authentication is disabled, allowing anonymous access to InfluxDB. Authorization is not properly configured, granting users excessive privileges. Impact: Unauthorized access, data breaches, data manipulation, denial of service, potential system compromise. Risk Severity: High Mitigation Strategies: * Secure Configuration Review: Regularly review InfluxDB configuration settings against security best practices and hardening guides. * Principle of Least Privilege: Configure authentication and authorization to grant users only the necessary permissions. * Disable Unnecessary Features: Disable any InfluxDB features or functionalities that are not required. * Configuration Management: Use configuration management tools to ensure consistent and secure configurations across InfluxDB instances.