Skip to content

RabbitMQ Connection String

Service Name: RabbitMQ

Service Description: RabbitMQ is an open-source message broker software that implements the Advanced Message Queuing Protocol (AMQP). It acts as a middleman for various services, enabling them to communicate and exchange information through a standardized interface.

Service Address: https://www.rabbitmq.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the RabbitMQ server level using firewall rules or RabbitMQ's built-in access control mechanisms.

Secret Access Scope: Grants access to RabbitMQ message broker services, allowing applications to publish and consume messages, manage exchanges, queues, and bindings.

Secret Revokement URL: https://www.rabbitmq.com/access-control.html

Secret Example: amqp://username:password@host:5672/vhost

Suspicious Activity Investigation Instructions:

  • Review RabbitMQ server logs for unusual connection attempts or message patterns
  • Check for unexpected high message throughput or queue creation
  • Monitor for connections from unusual IP addresses or locations
  • Examine management console for unauthorized user activity
  • Verify if there are any newly created users or modified permissions

Mitigation Instructions:

  • Change the password for the affected user in the RabbitMQ management

console

  • Revoke and regenerate any compromised credentials
  • Update connection strings in all legitimate applications
  • Consider implementing IP-based restrictions for RabbitMQ access
  • Enable TLS for all RabbitMQ connections if not already in use
  • Review and restrict user permissions to only what is necessary
  • Implement monitoring for suspicious connection patterns