H3-2022-0077¶

Amazon Relational Database Service (RDS) DB Instance Is Exposed to the Internet

Description¶

The RDS DB instance is accessible from the internet.

Impact¶

Databases accessible from the internet are subject to credential attacks including password stuffing, password spraying and even brute force attacks.

References¶

• Amazon RDS Security Best Practices
• MITRE ATT&CK Technique: T1133: External Remote Services