Exposed Database Connection String #3

@bright-security

Exposed Database Connection String

Severity: Low

Discovered: 10 of October-2022, 11:11 PM

CWE ID

CWE-284

CVSS

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

Detected the connection string "postgres://bc:bc@db:5432/bc" of a postgres database in the URL "https://brokencrystals.com/api/config", but could not connect to the database.

Possible exposure

Leakage of sensitive data.

Remediation suggestions

Refrain from showing the database connection string on the user-visible pages if possible. Even if it is properly secured, it reveals information that could be abused.

Request

GET https://brokencrystals.com/api/config HTTP/1.1
