Firebird Database Server Plaintext Password

medium Nessus Network Monitor Plugin ID 4227

Synopsis

The remote host passes information across the network in an insecure manner.

Description

The remote host seems to be running a Firebird database server. This instance of the Firebird server allows the passing of confidential data over an unencrypted session. An attacker can sniff confidential data such as database name, user ID and credentials to gain elevated access to the database.

Solution

Require remote clients to use an encrypted session.

Plugin Details

Severity: Medium

ID: 4227

Family: Database

Published: 10/5/2007

Updated: 5/18/2018