Skip to content

AMQP Credentials

Service Name: Advanced Message Queuing Protocol

Service Description: AMQP (Advanced Message Queuing Protocol) is an open standard application layer protocol for message-oriented middleware. It enables applications to communicate by sending messages between them, supporting message orientation, queuing, routing, reliability, and security.

Service Address: Various implementations including RabbitMQ and Apache ActiveMQ

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the broker level through firewall rules or access control mechanisms specific to the AMQP implementation.

Secret Access Scope: Grants access to message queues, exchanges, and the ability to publish and consume messages within an AMQP broker.

Secret Revokement URL: Depends on the specific AMQP implementation. For RabbitMQ: https://www.rabbitmq.com/access-control.html

Secret Example: amqp://username:password@host:port/vhost

Suspicious Activity Investigation Instructions:

  • Review connection logs from your AMQP broker for unusual access patterns or unauthorized connections.
  • Check for unexpected message publishing or consumption activities.
  • Monitor for unusual queue creation, deletion, or binding operations.
  • Look for abnormal message throughput or queue depth changes.
  • Verify if there are connections from unexpected IP addresses or locations.

Mitigation Instructions:

  • Immediately change the compromised credentials in your AMQP broker's management interface.
  • Revoke the compromised user's permissions or delete the user entirely.
  • Create new credentials with appropriate permissions.
  • Update all applications using these credentials with the new connection string.
  • Consider implementing IP-based restrictions for AMQP connections.
  • Enable TLS for AMQP connections if not already in use.
  • Review and tighten permission scopes for AMQP users to follow the Principle of Least Privilege.
  • Implement connection rate limiting to prevent brute force attacks.