MySQL Credentials

Description

General

• Documentation: https://dev.mysql.com/doc/refman/8.0/en/
• Summary: MySQL is an open-source relational database management system now maintained by Oracle Corporation. This detector aims at detecting MySQL credentials in a URI connection string, assignments or in a CLI command.
• IPs allowlist: An IP allowlist can be set on the server side. This documentation might help on the topic.
• Scopes: MySQL supports many Role Based Access Controls. Here are some details on how to set these roles. The scopes of the credentials found vary according to these RBAC settings.

Revoke the secret

Depending on the leak's criticality, the following commands can be useful in the revocation process: SET PASSWORD, ALTER_USER, or DROP USER.

Check for suspicious activity

The server can be configured to log and audit any activity on the database.

Details for Mysql cli

• Family: Database

• Category: Data storage

• Company: Oracle

• High recall: False

• Validity check available: True

• On-premise instances exist: False

• Only valid secrets raise an alert: False

• Minimum number of matches: 3

• Occurrences found for one million commits: 4.53

• Prefixed: False

• PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
    - mysql

Examples

- text: |
    mysql --user=doadmin --password=strongp@55! --host=db-mysql-ams3-23775-do-user-7772205-0.a.db.ondigitalocean.com
  host: db-mysql-ams3-23775-do-user-7772205-0.a.db.ondigitalocean.com
  username: doadmin
  password: strongp@55!

- text: |
    mysql --user=doadmin --password=strongp@55! --host=12.76.135.14
  host: 12.76.135.14
  username: doadmin
  password: strongp@55!

- text: |
    mysql -udoadmin -pstrongp@55! --host=db-mysql-ams3-23775-do-user-7772205-0.a.db.ondigitalocean.com
  host: db-mysql-ams3-23775-do-user-7772205-0.a.db.ondigitalocean.com
  username: doadmin
  password: strongp@55!

# Test multispace
- text: |
    mysql -u      doadmin -pstrongp@55! --host     db-mysql-ams3-23775-do-user-7772205-0.a.db.ondigitalocean.com
  host: db-mysql-ams3-23775-do-user-7772205-0.a.db.ondigitalocean.com
  username: doadmin
  password: strongp@55!

Details for Mysql uri

• Family: Database

• Category: Data storage

• Company: Oracle

• High recall: True

• Validity check available: True

• On-premise instances exist: False

• Only valid secrets raise an alert: False

• Minimum number of matches: 5

• Occurrences found for one million commits: 44.16

• Prefixed: True

• PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - mysql

Examples

- text: |
    CONNECTION_URI="mysql://root:m42ploz2wd@google.com:5434/thegift"
  host: google.com
  port: '5434'
  username: root
  password: m42ploz2wd
  scheme: mysql
  database: thegift
  connection_uri: mysql://root:m42ploz2wd@google.com:5434/thegift

# Test special characters in password
- text: |
    CONNECTION_URI="mysql://root:m42p!o@2wd@google.com:5434/thegift"
  host: google.com
  port: '5434'
  username: root
  password: m42p!o@2wd
  scheme: mysql
  database: thegift
  connection_uri: mysql://root:m42p!o@2wd@google.com:5434/thegift

# Test detection in md files
- text: |
    CONNECTION_URI="mysql://root:m42p!o@2wd@google.com:5434/thegift"
  host: google.com
  port: '5434'
  username: root
  password: m42p!o@2wd
  scheme: mysql
  database: thegift
  connection_uri: mysql://root:m42p!o@2wd@google.com:5434/thegift

Details for Mysql assignment

• Family: Database

• Category: Data storage

• Company: Oracle

• High recall: False

• Validity check available: True

• On-premise instances exist: False

• Only valid secrets raise an alert: False

• Minimum number of matches: 4

• Occurrences found for one million commits: 52.29

• Prefixed: False

• PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
    - mysql

Examples

- text: |
    docker run --name geonetwork -d -p 8080:8080 -e MYSQL_HOST=google.com -e MYSQL_PORT=5434 -e MYSQL_USERNAME=root -e MYSQL_PASSWORD=m42ploz2wd geonetwork
  host: google.com
  port: '5434'
  username: root
  password: m42ploz2wd

- text: |
    server.port=9082
    spring.datasource.url=jdbc:mysql://google.com/BLUDB
    spring.datasource.username=root
    spring.datasource.password=sup3rstr0ngpass
  host: google.com
  port: '9082'
  username: root
  password: sup3rstr0ngpass

Details for Mysql assignment attached port

• Family: Database

• Category: Data storage

• Company: Oracle

• High recall: False

• Validity check available: True

• On-premise instances exist: False

• Only valid secrets raise an alert: False

• Minimum number of matches: 4

• Occurrences found for one million commits: 90.36

• Prefixed: False

• PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
    - mysql

Examples

- text: |
    docker run --name geonetwork -d -p 8080:8080 -e MYSQL_HOST=google.com:5434 -e MYSQL_PORT=1212 -e MYSQL_USERNAME=root -e MYSQL_PASSWORD=m42ploz2wd geonetwork
  host: google.com
  port: '5434'
  username: root
  password: m42ploz2wd

- text: |
    server.port=1212
    spring.datasource.url=jdbc:mysql://google.com:9082/BLUDB
    spring.datasource.username=root
    spring.datasource.password=sup3rstr0ngpass
  host: google.com
  port: '9082'
  username: root
  password: sup3rstr0ngpass