MySQL Credentials

Description

General

  • Documentation: https://dev.mysql.com/doc/refman/8.0/en/
  • Summary: MySQL is an open-source relational database management system now maintained by Oracle Corporation. This detector looks for MySQL credentials in a URI connection string, in assignments, or in a CLI command.
  • IPs allowlist: An IP allowlist can be set on the server side. This documentation might help on the topic.
  • Scopes: MySQL supports many Role Based Access Controls. Here are some details on how to set these roles. The scopes of the credentials found vary according to these RBAC settings.

Revoke the secret

Depending on the leak's criticality, the following statements can be useful in the revocation process: SET PASSWORD, ALTER USER, or DROP USER.

Check for suspicious activity

The server can be configured to log and audit any activity on the database.

Details for Mysql cli

  • Category: Data storage

  • High recall: True

  • Validity check available: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 3

  • Occurrences found for one million commits: 2.5

  • Prefixed: True

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions:
  - ^(cs|x|p|s|r)?html5?~?$
  - ^[aps]?cssc?~?$
  - ^lock$
  - ^mdx?~?$
  - ^storyboard(c|er)?~?$
  - ^xib$
  banlist_filenames: []
  check_binaries: false
- type: ContentWhitelistPreValidator
  patterns:
  - mysql

Examples

- text: >
    mysql --user=doadmin --password=strongp@55! --host=db-mysql-ams3-23775-do-user-7772205-0.a.db.ondigitalocean.com
  host: db-mysql-ams3-23775-do-user-7772205-0.a.db.ondigitalocean.com
  username: doadmin
  password: strongp@55!
- text: >
    mysql --user=doadmin --password=strongp@55! --host=12.76.135.14
  host: 12.76.135.14
  username: doadmin
  password: strongp@55!
- text: >
    mysql -udoadmin -pstrongp@55! --host=db-mysql-ams3-23775-do-user-7772205-0.a.db.ondigitalocean.com
  host: db-mysql-ams3-23775-do-user-7772205-0.a.db.ondigitalocean.com
  username: doadmin
  password: strongp@55!
# Test multispace
- text: >
    mysql -u      doadmin -pstrongp@55! --host     db-mysql-ams3-23775-do-user-7772205-0.a.db.ondigitalocean.com
  host: db-mysql-ams3-23775-do-user-7772205-0.a.db.ondigitalocean.com
  username: doadmin
  password: strongp@55!

Details for Mysql uri

  • Category: Data storage

  • High recall: True

  • Validity check available: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 8

  • Occurrences found for one million commits: 47.79

  • Prefixed: True

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions:
  - ^(cs|x|p|s|r)?html5?~?$
  - ^[aps]?cssc?~?$
  - ^lock$
  - ^mdx?~?$
  - ^storyboard(c|er)?~?$
  - ^xib$
  banlist_filenames: []
  check_binaries: false
- type: ContentWhitelistPreValidator
  patterns:
  - mysql

Examples

- text: >
    CONNECTION_URI="mysql://root:m42ploz2wd@google.com:5434/thegift"
  host: google.com
  port: "5434"
  username: root
  password: m42ploz2wd
  scheme: mysql
  database: thegift
  connection_uri: mysql://root:m42ploz2wd@google.com:5434/thegift
# Test special characters in password
- text: >
    CONNECTION_URI="mysql://root:m42p!o@2wd@google.com:5434/thegift"
  host: google.com
  port: "5434"
  username: root
  password: m42p!o@2wd
  scheme: mysql
  database: thegift
  connection_uri: mysql://root:m42p!o@2wd@google.com:5434/thegift
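
The CLI and URI forms shown in the examples above can be parsed as follows. This is an added example, not the detector's own rules or code from the original page; the names `URI_RE`, `FLAGS`, `parse_uri` and `parse_cli` are hypothetical, and the patterns are simplified assumptions.

```python
import re
import shlex

# Simplified patterns written for this example; not the detector's own rules.
URI_RE = re.compile(
    r"mysql://(?P<username>[^:/\s]+):(?P<password>\S+)@"
    r"(?P<host>[^@:/\s\"']+)(?::(?P<port>\d+))?(?:/(?P<database>[\w-]+))?"
)
FLAGS = {"--user": "username", "-u": "username", "--host": "host",
         "-h": "host", "--password": "password", "-p": "password"}


def parse_uri(text):
    """Return the parts of the first mysql:// URI with inline credentials."""
    # The greedy password group backtracks to the LAST '@' before the host,
    # so an unescaped '@' inside the password stays in the password.
    match = URI_RE.search(text)
    if match is None:
        return None
    return {k: v for k, v in match.groupdict().items() if v}


def parse_cli(command):
    """Return host/username/password from a `mysql` client invocation."""
    try:
        tokens = shlex.split(command)
    except ValueError:  # unbalanced quotes
        return None
    if "mysql" not in tokens:
        return None
    args = iter(tokens[tokens.index("mysql") + 1:])
    found = {}
    for tok in args:
        if tok.startswith("--"):
            flag, _, value = tok.partition("=")
        else:
            flag, value = tok[:2], tok[2:]
        field = FLAGS.get(flag)
        if field is None:
            continue
        if not value and field != "password":
            value = next(args, "")  # "-u name" / "--host name"
        if value:
            found[field] = value
    # A bare -p/--password prompts interactively: no secret on the line.
    return found if len(found) == 3 else None
```

A bare `-p` followed by a word is deliberately not reported: the client treats that word as the database name and prompts for the password.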

Details for Mysql assignment

  • Category: Data storage

  • High recall: False

  • Validity check available: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 4

  • Occurrences found for one million commits: 57.8

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions:
  - ^(cs|x|p|s|r)?html5?~?$
  - ^[aps]?cssc?~?$
  - ^lock$
  - ^mdx?~?$
  - ^storyboard(c|er)?~?$
  - ^xib$
  banlist_filenames: []
  check_binaries: false
- type: ContentWhitelistPreValidator
  patterns:
  - mysql

Examples

- text: >
    docker run --name geonetwork -d -p 8080:8080 -e MYSQL_HOST=google.com -e MYSQL_PORT=5434 -e MYSQL_USERNAME=root -e MYSQL_PASSWORD=m42ploz2wd geonetwork
  host: google.com
  port: "5434"
  username: root
  password: m42ploz2wd
- text: >
    server.port=9082
    spring.datasource.url=jdbc:mysql://google.com/BLUDB
    spring.datasource.username=root
    spring.datasource.password=sup3rstr0ngpass
  host: google.com
  port: "9082"
  username: root
  password: sup3rstr0ngpass

Details for Mysql assignment attached port

  • Category: Data storage

  • High recall: False

  • Validity check available: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 4

  • Occurrences found for one million commits: 124.26

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions:
  - ^(cs|x|p|s|r)?html5?~?$
  - ^[aps]?cssc?~?$
  - ^lock$
  - ^mdx?~?$
  - ^storyboard(c|er)?~?$
  - ^xib$
  banlist_filenames: []
  check_binaries: false
- type: ContentWhitelistPreValidator
  patterns:
  - mysql

Examples

- text: >
    docker run --name geonetwork -d -p 8080:8080 -e MYSQL_HOST=google.com:5434 -e MYSQL_PORT=1212 -e MYSQL_USERNAME=root -e MYSQL_PASSWORD=m42ploz2wd geonetwork
  host: google.com
  port: "5434"
  username: root
  password: m42ploz2wd
- text: >
    server.port=1212
    spring.datasource.url=jdbc:mysql://google.com:9082/BLUDB
    spring.datasource.username=root
    spring.datasource.password=sup3rstr0ngpass
  host: google.com
  port: "9082"
  username: root
  password: sup3rstr0ngpass