Database Connection Configuration Information Disclosure (Web)

Medium Nessus Network Monitor Plugin ID 4658


The remote web application server may be prone to a policy violation.


PVS has just noted a web transaction that included database connection information. This includes database name, user ID, password and more.


Ensure that such information is not stored or sent in plaintext. Note: PVS only reports on the first occurence of this item on a web server. Parse your entire web source for similar occurrences.

Plugin Details

Severity: Medium

ID: 4658

Family: Web Servers

Published: 2008/09/15

Modified: 2016/11/23

Dependencies: 1442

Risk Information

Risk Factor: Medium