Firebird Database Client Plaintext Password

medium Nessus Network Monitor Plugin ID 4226

Synopsis

The remote host passes information across the network in an insecure manner.

Description

The remote host appears to be running a Firebird database client. This instance of the Firebird client passes confidential data over an unencrypted session. As a result, an attacker who can sniff the traffic can capture confidential data, such as the database name, user ID, or credentials, and use it to gain elevated access to the database.

Solution

Require remote clients to use an encrypted session.

Plugin Details

Severity: Medium

ID: 4226

Family: Database

Published: 10/5/2007

Updated: 5/18/2018