Exposed Database Connection String
Severity: Low Discovered: 16 of August-2022, 03:41 PM
CWE ID
CWE-284
CVSS
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
Detected the connection string "postgres://bc:bc@db:5432/bc" of postgres database in the URL "https://brokencrystals.com/api/config", but could not connect to the database.
Possible exposure
Leakage of sensitive data.
Remediation suggestions
Refrain from showing the database connection string on the user-visible pages if possible. Even if it is properly secured it reveals information that could be abused.
Request
GET https://brokencrystals.com/api/config? HTTP/1.1
External links
Exposed Database Connection String
Severity:
LowDiscovered:16 of August-2022, 03:41 PMCWE ID
CWE-284
CVSS
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
Detected the connection string "postgres://bc:bc@db:5432/bc" of postgres database in the URL "https://brokencrystals.com/api/config", but could not connect to the database.
Possible exposure
Leakage of sensitive data.
Remediation suggestions
Refrain from showing the database connection string on the user-visible pages if possible. Even if it is properly secured it reveals information that could be abused.
Request
External links