Terraform Nsg Mssql Port Exposed
Description
Detects Azure Network Security Group (NSG) rules in Terraform configurations that allow inbound traffic to the Microsoft SQL Server port (TCP 1433) from an unrestricted source. Such a rule exposes any SQL Server instance behind the NSG to connection attempts from the whole internet, leaving database authentication as the only barrier against unauthorized access.
Detection Strategy
• Identifies Network Security Group rules in Azure (azurerm provider) Terraform configurations
• Checks whether any rule allows inbound traffic to TCP port 1433, the default Microsoft SQL Server listener port
• Reports a vulnerability if the rule's source address range is too permissive (for example '0.0.0.0/0' or '*')
• Evaluates both predefined and custom NSG rules that might expose MSSQL ports
Vulnerable code example
resource "azurerm_network_security_group" "example" {
  name                = "test-nsg"
  location            = "eastus"
  resource_group_name = "test-rg"

  security_rule { # Vulnerable: allows unrestricted inbound access to MS SQL port 1433
    name     = "allow-mssql"
    priority = 100
    ...
✅ Secure code example
resource "azurerm_network_security_group" "example" {
  name                = "test-nsg"
  location            = "eastus"
  resource_group_name = "test-rg"

  security_rule { # Secure: the source address range is restricted to a specific network, not '*' or '0.0.0.0/0'
    name     = "allow-mssql"
    priority = 100
    ...
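The detection strategy above, implemented as a runnable check over a constructed Terraform snippet. This is an added example written for this page, not Fluid Attacks' scanner: a regex-based approximation that reads both inline security_rule blocks and standalone azurerm_network_security_rule resources. It goes slightly beyond the bullet list by also treating a port range such as "1000-2000" and the protocol wildcard '*' as covering 1433, and by recognising the 'Internet' service tag and '::/0' as unrestricted sources. The sample HCL, the rule names and the subnet 10.0.1.0/24 are constructed for the example.

```python
# Added example (not Fluid Attacks' scanner): flag Terraform NSG rules that
# open TCP/1433 to an unrestricted source. Regex-based, no HCL library needed.
import re

MSSQL_PORT = 1433
# Source prefixes that mean "anyone"; "Internet" is Azure's public-IP service tag
PERMISSIVE_SOURCES = {"*", "0.0.0.0/0", "::/0", "internet", "any"}

# Constructed sample: one open rule, one restricted rule, and one standalone
# resource whose port range and protocol wildcard still cover 1433.
SAMPLE_TF = '''
resource "azurerm_network_security_group" "example" {
  name                = "test-nsg"
  location            = "eastus"
  resource_group_name = "test-rg"
  security_rule {
    name                       = "allow-mssql-open"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "1433"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
  security_rule {
    name                       = "allow-mssql-from-app"
    priority                   = 110
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "1433"
    source_address_prefix      = "10.0.1.0/24"
    destination_address_prefix = "*"
  }
}
resource "azurerm_network_security_rule" "standalone" {
  name                        = "allow-db-range"
  priority                    = 120
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "*"
  source_port_range           = "*"
  destination_port_ranges     = ["1000-2000", "3389"]
  source_address_prefixes     = ["0.0.0.0/0"]
  destination_address_prefix  = "*"
  resource_group_name         = "test-rg"
  network_security_group_name = "test-nsg"
}
'''

# Matches an inline `security_rule {` or a standalone rule resource header.
BLOCK_HEADER = re.compile(
    r'(?:\bsecurity_rule|resource\s+"azurerm_network_security_rule"\s+"[^"]+")\s*\{')
# key = "string"  or  key = ["a", "b"]  (unquoted values such as priority are skipped)
ATTR = re.compile(r'(\w+)\s*=\s*("(?:[^"\\]|\\.)*"|\[[^\]]*\])')
STRING = re.compile(r'"((?:[^"\\]|\\.)*)"')


def extract_rule_blocks(hcl):
    """Yield the body of each rule block, matching braces to find where it ends."""
    for m in BLOCK_HEADER.finditer(hcl):
        depth, i = 1, m.end()
        while i < len(hcl) and depth:
            depth += {"{": 1, "}": -1}.get(hcl[i], 0)
            i += 1
        yield hcl[m.end():i - 1]


def parse_attrs(body):
    """Map each attribute to a list of strings; list-valued attributes flatten."""
    return {key: STRING.findall(raw) for key, raw in ATTR.findall(body)}


def port_spec_covers(spec, port):
    """True if a port spec ("*", "1433" or "1000-2000") includes port."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)


def exposes_mssql(attrs):
    """Inbound + Allow + (Tcp or *) + 1433 covered + permissive source."""
    def first(key):
        return attrs.get(key, [""])[0].lower()
    if first("direction") != "inbound" or first("access") != "allow":
        return False
    if first("protocol") not in ("tcp", "*"):
        return False
    ports = attrs.get("destination_port_range", []) + attrs.get("destination_port_ranges", [])
    sources = attrs.get("source_address_prefix", []) + attrs.get("source_address_prefixes", [])
    return any(port_spec_covers(p, MSSQL_PORT) for p in ports) and any(
        s.lower() in PERMISSIVE_SOURCES for s in sources)


def find_exposed_mssql_rules(hcl):
    """Return names of rules that open TCP/1433 to an unrestricted source."""
    findings = []
    for body in extract_rule_blocks(hcl):
        attrs = parse_attrs(body)
        if exposes_mssql(attrs):
            findings.append(attrs.get("name", ["<unnamed>"])[0])
    return findings


if __name__ == "__main__":
    for name in find_exposed_mssql_rules(SAMPLE_TF):
        print(f"EXPOSED: rule {name!r} allows TCP/1433 from an unrestricted source")
```

Run against the sample, the check flags `allow-mssql-open` and `allow-db-range` but not `allow-mssql-from-app`, whose source is pinned to a subnet. The second finding is the one a check that only string-matches `destination_port_range = "1433"` would miss: the rule never mentions 1433, yet its range and the `*` protocol expose the port just the same. A real scanner would use an HCL parser rather than regexes, since variables, `for_each` and dynamic blocks are invisible to this approach.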