Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_114276
HistoryMay 06, 2024 - 12:00 a.m.

Database Connection String Disclosure

2024-05-0600:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
database
connection string
disclosure
web applications
security
authentication
sensitive information
attacker
privileged access

8 High

AI Score

Confidence

Low

JSON

Most of the web applications rely on a database to provide features to their users. In secure designs, consuming these private or cloud databases will require authentication like username and password based credentials.

Developers sometimes hard code such data in various places of their applications, without realizing that it could become publicly available in client-side JavaScript or, for example, HTML comments. By leveraging these sensitive information, a remote and unauthenticated attacker could gain privileged access to critical services used by the web application and the organization.

No source data

8 High

AI Score

Confidence

Low

JSON