
SQLYog MySQL HTTP Tunnel Detection

Medium

Synopsis

The remote host is running an inherently insecure protocol or application.

Description

The remote host is running a MySQL database. In addition, a PHP script is installed that allows MySQL connections to be tunneled over HTTP. This sort of connection is typically utilized when the database administrator does not have access to connect to the database from remote locations. The tunnel does not use any sort of encryption and exposes credentials to passive sniffing. In addition, as the PHP script connects to the database from the localhost, database authentication does not look for the originating IP address within the GRANT tables but instead uses the server IP as the originating source. Not only does the script allow database admins to bypass firewall restrictions and log in insecurely, it also exposes the database to brute-force attacks from anonymous users.
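To see which database accounts the tunnel exposes, the host-matching behaviour described above can be checked against the account list. The following is an added example, not part of the original plugin text; it flags accounts whose host pattern accepts a connection originating on the database server itself. Assumptions: `SERVER_IP` is a placeholder, the account rows are constructed sample data, and matching is simplified to the `%` and `_` wildcards (netmask notation and name resolution are ignored).

```python
import re

# Origins a co-located PHP tunnel script can present to MySQL.
# Assumption: the script runs on the database host; SERVER_IP is a placeholder.
SERVER_IP = "192.0.2.10"
LOCAL_ORIGINS = ("localhost", "127.0.0.1", "::1", SERVER_IP)


def host_pattern_to_regex(pattern):
    """Translate a MySQL account host pattern (% and _ wildcards) to a regex."""
    parts = []
    for ch in pattern:
        if ch == "%":
            parts.append(".*")      # % matches any run of characters
        elif ch == "_":
            parts.append(".")       # _ matches exactly one character
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)


def reachable_via_tunnel(accounts, origins=LOCAL_ORIGINS):
    """Return (user, host, matched_origin) for accounts a local tunnel can use."""
    findings = []
    for user, host in accounts:
        rx = host_pattern_to_regex(host)
        for origin in origins:
            if rx.fullmatch(origin):
                findings.append((user, host, origin))
                break  # one matching origin is enough to flag the account
    return findings


# Constructed sample rows, shaped like: SELECT user, host FROM mysql.user
SAMPLE_ACCOUNTS = [
    ("root", "localhost"),
    ("app", "127.0.0.1"),
    ("report", "10.20.%"),
    ("dba", "%"),
    ("backup", "192.0.2.%"),
    ("etl", "203.0.113.7"),
]

if __name__ == "__main__":
    for user, host, origin in reachable_via_tunnel(SAMPLE_ACCOUNTS):
        print(f"{user}@{host} accepts connections seen as {origin}")
```

Accounts it reports are the ones whose host restriction gives no protection while the tunnel script is installed, since any HTTP client reaches them as a local connection.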

Solution

For remote database administration, choose a method of connection that is restricted to only trusted sources and encrypts the authentication credentials.