MariaDB Credentials

Description

General

  • Documentation: https://mariadb.org/documentation/
  • Summary: MariaDB is an open source relational database developed by the MariaDB Foundation. This detector detects MariaDB credentials in assignments. Two GitGuardian detectors are associated with MariaDB credentials, depending on whether the targeted port number is attached to the hostname or defined separately.
  • IPs allowlist: This can be set on the server side.
  • Scopes: MariaDB supports many Role Based Access Controls. Here are some details on how to set these roles. The scopes of the credentials found vary according to these RBAC settings.

Revoke the secret

Depending on the leak's criticality, the following commands can be useful in the revocation process: SET PASSWORD, ALTER USER, or DROP USER.

Check for suspicious activity

The server can be configured to log any activity on the database.

Details for Mariadb assignment

  • Category: Data storage

  • High recall: False

  • Validity check available: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 4

  • Occurrences found for one million commits: 0.08

  • Prefixed: False

  • PreValidators:

    - type: FilenameBanlistPreValidator
      banlist_extensions:
      - ^(cs|x|p|s|r)?html5?~?$
      - ^[aps]?cssc?~?$
      - ^lock$
      - ^mdx?~?$
      - ^storyboard(c|er)?~?$
      - ^xib$
      banlist_filenames: []
      check_binaries: false
    - type: ContentWhitelistPreValidator
      patterns:
      - maria

Examples

    - text: >
        mariadb.url=google.com
        mariadb.port=50003
        mariadb.user=root
        mariadb.password=sup3rstr0ngpass
      host: google.com
      port: "50003"
      username: root
      password: sup3rstr0ngpass

Details for Mariadb assignment attached port

  • Category: Data storage

  • High recall: False

  • Validity check available: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 4

  • Occurrences found for one million commits: 7.82

  • Prefixed: False

  • PreValidators:

    - type: FilenameBanlistPreValidator
      banlist_extensions:
      - ^(cs|x|p|s|r)?html5?~?$
      - ^[aps]?cssc?~?$
      - ^lock$
      - ^mdx?~?$
      - ^storyboard(c|er)?~?$
      - ^xib$
      banlist_filenames: []
      check_binaries: false
    - type: ContentWhitelistPreValidator
      patterns:
      - maria

Examples

    - text: >
        db.url=jdbc:mariadb://google.com:50003/dev
        db.user=root
        db.password=sup3rstr0ngpass
      host: google.com
      port: "50003"
      username: root
      password: sup3rstr0ngpass
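
A sketch of how the two detectors described above divide the work, added here as an illustration and not GitGuardian's detector code. The pre-validator values and sample inputs are copied from the page; the assignment regexes, the case-insensitive content check, and the reading of "Minimum number of matches: 4" as host, port, username and password are assumptions.

```python
import re

# Pre-validator values copied from the page; the matching rules are assumptions.
BANLIST_EXT = [r"^(cs|x|p|s|r)?html5?~?$", r"^[aps]?cssc?~?$", r"^lock$",
               r"^mdx?~?$", r"^storyboard(c|er)?~?$", r"^xib$"]
CONTENT_PATTERN = "maria"

def _assign(key, value=r"[^\s\"']+"):
    """Hypothetical pattern for `some.key = value` or `some_key: value`."""
    return re.compile(r"[\w.\-]*" + key + r"[\w.\-]*\s*[=:]\s*[\"']?(" + value + ")", re.I)

USER_RE, PASS_RE = _assign("user"), _assign("pass")
HOST_RE, PORT_RE = _assign("(?:url|host)"), _assign("port", r"\d+")
# Attached form: host and port both sit inside a mariadb:// URL.
URL_RE = re.compile(r"mariadb://([^\s:/@]+):(\d+)", re.I)

def prevalidate(filename, content):
    """Skip banlisted extensions, then require 'maria' somewhere in the content."""
    ext = filename.rsplit(".", 1)[-1] if "." in filename else ""
    if any(re.search(p, ext) for p in BANLIST_EXT):
        return False
    return CONTENT_PATTERN in content.lower()  # assumption: case-insensitive

def detect(filename, content):
    """Return (detector name, fields) only when all four matches are present."""
    if not prevalidate(filename, content):
        return None
    user, pwd = USER_RE.search(content), PASS_RE.search(content)
    if not (user and pwd):
        return None
    fields = {"username": user.group(1), "password": pwd.group(1)}
    attached = URL_RE.search(content)
    if attached:
        fields.update(host=attached.group(1), port=attached.group(2))
        return "Mariadb assignment attached port", fields
    host, port = HOST_RE.search(content), PORT_RE.search(content)
    if host and port:
        fields.update(host=host.group(1), port=port.group(1))
        return "Mariadb assignment", fields
    return None  # fewer than the four required matches

# The page's two example inputs.
SEPARATE = ("mariadb.url=google.com\nmariadb.port=50003\n"
            "mariadb.user=root\nmariadb.password=sup3rstr0ngpass\n")
ATTACHED = ("db.url=jdbc:mariadb://google.com:50003/dev\n"
            "db.user=root\ndb.password=sup3rstr0ngpass\n")

if __name__ == "__main__":
    print(detect("app.properties", SEPARATE))
    print(detect("app.properties", ATTACHED))
```

The same content in a file named `README.md` or `yarn.lock` is skipped by the extension banlist before any field matching runs.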