Database Connection Configuration Information Disclosure (Web)
Medium Nessus Network Monitor Plugin ID 4658
SynopsisThe remote web application server may be prone to a policy violation.
DescriptionPVS has just noted a web transaction that included database connection information. This includes database name, user ID, password and more.
SolutionEnsure that such information is not stored or sent in plaintext. Note: PVS only reports on the first occurence of this item on a web server. Parse your entire web source for similar occurrences.