MySQL Credentials
Description
General
- Documentation: https://dev.mysql.com/doc/refman/8.0/en/
- Summary: MySQL is an open-source relational database management system now maintained by Oracle Corporation. This detector looks for MySQL credentials in URI connection strings, assignments, and CLI commands.
- IPs allowlist: An IP allowlist can be set on the server side. This documentation might help on the topic.
- Scopes: MySQL supports many Role Based Access Controls. Here are some details on how to set these roles. The scopes of the credentials found vary according to these RBAC settings.
Revoke the secret
Depending on the leak's criticality, the following commands can be useful in the revocation process: SET PASSWORD, ALTER USER, or DROP USER.
Check for suspicious activity
The server can be configured to log and audit any activity on the database.
Mysql cli
Details
Family: Database
Category: Data storage
High recall: False
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 3
Occurrences found for one million commits: 1.77
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
    - mysql
Examples
- text: >
    mysql --user=doadmin --password=strongp@55! --host=db-mysql-ams3-23775-do-user-7772205-0.a.db.ondigitalocean.com
  host: db-mysql-ams3-23775-do-user-7772205-0.a.db.ondigitalocean.com
  username: doadmin
  password: strongp@55!
- text: >
    mysql --user=doadmin --password=strongp@55! --host=12.76.135.14
  host: 12.76.135.14
  username: doadmin
  password: strongp@55!
- text: >
    mysql -udoadmin -pstrongp@55! --host=db-mysql-ams3-23775-do-user-7772205-0.a.db.ondigitalocean.com
  host: db-mysql-ams3-23775-do-user-7772205-0.a.db.ondigitalocean.com
  username: doadmin
  password: strongp@55!
# Test multispace
- text: >
    mysql -u doadmin -pstrongp@55! --host db-mysql-ams3-23775-do-user-7772205-0.a.db.ondigitalocean.com
  host: db-mysql-ams3-23775-do-user-7772205-0.a.db.ondigitalocean.com
  username: doadmin
  password: strongp@55!
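How the CLI forms in the examples above map to the same three fields, as an added sketch that is not the detector's own code; the function name `extract_mysql_cli` is hypothetical. It also covers a case the examples do not show: with the mysql client, a value separated from `-p` or `--password` by a space is not the password (the client prompts instead), so nothing is reported for it.

```python
import shlex

# Options of the mysql client that carry the three fields of interest.
_LONG = {"--user": "username", "--password": "password", "--host": "host"}
_SHORT = {"-u": "username", "-h": "host"}


def extract_mysql_cli(command):
    """Return {'host', 'username', 'password'} from a mysql command, else None."""
    try:
        tokens = shlex.split(command)
    except ValueError:  # unbalanced quotes: not a usable command line
        return None
    # Locate the client binary, with or without a leading path.
    start = next((i for i, t in enumerate(tokens)
                  if t.rsplit("/", 1)[-1] == "mysql"), None)
    if start is None:
        return None
    args, found, i = tokens[start + 1:], {}, 0
    while i < len(args):
        tok = args[i]
        name, eq, value = tok.partition("=")
        if name in _LONG:
            if eq:                                   # --user=doadmin
                found[_LONG[name]] = value
            elif name != "--password" and i + 1 < len(args):
                i += 1                               # --host db.example
                found[_LONG[name]] = args[i]
        elif tok[:2] in _SHORT:
            if len(tok) > 2:                         # -udoadmin
                found[_SHORT[tok[:2]]] = tok[2:]
            elif i + 1 < len(args):                  # -u doadmin
                i += 1
                found[_SHORT[tok]] = args[i]
        elif tok.startswith("-p") and len(tok) > 2:  # -pSECRET (no space)
            found["password"] = tok[2:]
        # A bare -p or --password makes the client prompt; the next token
        # is a positional argument (the database name), not the password.
        i += 1
    return found if set(found) == {"host", "username", "password"} else None


if __name__ == "__main__":
    # Command built from the page's example values.
    print(extract_mysql_cli("mysql -udoadmin -pstrongp@55! --host=12.76.135.14"))
```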
Mysql uri
Details
Family: Database
Category: Data storage
High recall: True
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 8
Occurrences found for one million commits: 43.75
Prefixed: True
PreValidators:
- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - mysql
Examples
- text: >
    CONNECTION_URI="mysql://root:m42ploz2wd@google.com:5434/thegift"
  host: google.com
  port: "5434"
  username: root
  password: m42ploz2wd
  scheme: mysql
  database: thegift
  connection_uri: mysql://root:m42ploz2wd@google.com:5434/thegift
# Test special characters in password
- text: >
    CONNECTION_URI="mysql://root:m42p!o@2wd@google.com:5434/thegift"
  host: google.com
  port: "5434"
  username: root
  password: m42p!o@2wd
  scheme: mysql
  database: thegift
  connection_uri: mysql://root:m42p!o@2wd@google.com:5434/thegift
# Test detection in md files
- text: >
    CONNECTION_URI="mysql://root:m42p!o@2wd@google.com:5434/thegift"
  host: google.com
  port: "5434"
  username: root
  password: m42p!o@2wd
  scheme: mysql
  database: thegift
  connection_uri: mysql://root:m42p!o@2wd@google.com:5434/thegift
  filename: some_file.md
Mysql assignment
Details
Family: Database
Category: Data storage
High recall: False
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 4
Occurrences found for one million commits: 55.44
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
    - mysql
Examples
- text: >
    docker run --name geonetwork -d -p 8080:8080 -e MYSQL_HOST=google.com -e MYSQL_PORT=5434 -e MYSQL_USERNAME=root -e MYSQL_PASSWORD=m42ploz2wd geonetwork
  host: google.com
  port: "5434"
  username: root
  password: m42ploz2wd
- text: >
    server.port=9082 spring.datasource.url=jdbc:mysql://google.com/BLUDB spring.datasource.username=root spring.datasource.password=sup3rstr0ngpass
  host: google.com
  port: "9082"
  username: root
  password: sup3rstr0ngpass
Mysql assignment attached port
Details
Family: Database
Category: Data storage
High recall: False
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 4
Occurrences found for one million commits: 101.6
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
    - mysql
Examples
- text: >
    docker run --name geonetwork -d -p 8080:8080 -e MYSQL_HOST=google.com:5434 -e MYSQL_PORT=1212 -e MYSQL_USERNAME=root -e MYSQL_PASSWORD=m42ploz2wd geonetwork
  host: google.com
  port: "5434"
  username: root
  password: m42ploz2wd
- text: >
    server.port=1212 spring.datasource.url=jdbc:mysql://google.com:9082/BLUDB spring.datasource.username=root spring.datasource.password=sup3rstr0ngpass
  host: google.com
  port: "9082"
  username: root
  password: sup3rstr0ngpass
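The port precedence these assignment examples show (a port attached to the host or JDBC URL wins over a separate port assignment, which is used only as a fallback), as an added sketch that is not the detector's own code. The regexes, the key-suffix matching and the name `extract_mysql_assignment` are assumptions made for illustration, as is reading the `ContentWhitelistPreValidator` pattern as "the text must contain mysql".

```python
import re

# key=value pairs as they appear in `docker -e` flags and .properties files
_ASSIGN = re.compile(r"([A-Za-z_][\w.]*)\s*=\s*(\S+)")
# host with optional attached port, bare or inside a jdbc:mysql:// URL
_HOSTPORT = re.compile(r"^(?:jdbc:)?(?:mysql://)?([^/:\s]+)(?::(\d+))?")


def extract_mysql_assignment(text):
    """Return host/port/username/password from key=value text, or None."""
    if "mysql" not in text.lower():  # assumed meaning of the content allowlist
        return None
    found = {}
    separate_port = None
    for key, value in _ASSIGN.findall(text):
        key = key.lower()
        value = value.strip("\"'")
        if key.endswith(("host", "url")):
            match = _HOSTPORT.match(value)
            if match:
                found["host"], attached = match.groups()
                if attached:  # host:port or //host:port/db
                    found["port"] = attached
        elif key.endswith("port"):
            separate_port = value
        elif key.endswith(("username", "user")):
            found["username"] = value
        elif key.endswith("password"):
            found["password"] = value
    if not {"host", "username", "password"} <= set(found):
        return None
    # The separate port assignment is used only when none was attached.
    found.setdefault("port", separate_port)
    return found


if __name__ == "__main__":
    # Sample line taken from the page's examples.
    print(extract_mysql_assignment(
        "server.port=1212 spring.datasource.url=jdbc:mysql://google.com:9082/BLUDB "
        "spring.datasource.username=root spring.datasource.password=sup3rstr0ngpass"))
```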