Skip to main content

MySQL Credentials

Description

General

  • Documentation: https://dev.mysql.com/doc/refman/8.0/en/
  • Summary: MySQL is an open-source relational database management system now maintained by Oracle Corporation. This detector aims at detecting MySQL credentials in a URI connection string, assignments or in a CLI command.

Revoke the secret

Depending on the leak's criticality, the following commands can be useful in the revocation process: SET PASSWORD, ALTER_USER, or DROP USER.

Details for MySQL CLI Credentials

  • Family: identifiers

  • Category: data_storage

  • Company: Oracle

  • High recall: False

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 3

  • Occurrences found for one million commits: 4.53

  • Prefixed: False

Details for MySQL URI

  • Family: identifiers

  • Category: data_storage

  • Company: Oracle

  • High recall: True

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 5

  • Occurrences found for one million commits: 44.16

  • Prefixed: True

Details for MySQL Assignment

  • Family: identifiers

  • Category: data_storage

  • Company: Oracle

  • High recall: False

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 4

  • Occurrences found for one million commits: 52.29

  • Prefixed: False

Details for MySQL Assignment

  • Family: identifiers

  • Category: data_storage

  • Company: Oracle

  • High recall: False

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 4

  • Occurrences found for one million commits: 90.36

  • Prefixed: False

Secret Analyzer

Analysis Method

  • Provider allows scopes enumeration: False
  • Total network call count: 5
  • Total call count may vary: False

HTTP Calls

Requests are designed to capture metadata and not to function effectively. No HTTP calls for this analyzer.

Other Calls

Non-HTTP queries or HTTP calls made through a third-party app (e.g., Python package).

SELECT @@GLOBAL.sql_mode
SELECT routine_schema, routine_name FROM information_schema.routines
SELECT table_schema, table_name, IFNULL(DATA_LENGTH,0) FROM information_schema.tables
SHOW DATABASES
SHOW GRANTS