Database Connection Configuration Information Disclosure

Medium Nessus Network Monitor Plugin ID 4660

Synopsis

The remote web application server may be prone to a policy violation.

Description

PVS has just noted a web transaction that included database connection information. This includes database name, user ID, password and more.

Solution

Ensure that such information is not stored or sent in plaintext. Note: PVS only reports on the first occurence of this item on a web server. Parse your entire web source for similar occurrences.

Plugin Details

Severity: Medium

ID: 4660

File Name: 4660.prm

Family: Web Servers

Published: 2008/09/15

Modified: 2016/01/15

Dependencies: 1442

Risk Information

Risk Factor: Medium