Database Connection Configuration Information Disclosure (Jet Client)

medium Nessus Network Monitor Plugin ID 4659

Synopsis

The remote web application server may be prone to a policy violation.

Description

NNM has just noted a web transaction that included database connection information. This includes database name, user ID, password and more.

Solution

Ensure that such information is not stored or sent in plaintext. Note: NNM only reports on the first occurence of this item on a web server. Parse your entire web source for similar occurrences.

Plugin Details

Severity: Medium

ID: 4659

Family: Web Servers

Published: 9/15/2008

Updated: 1/16/2019