Skip to main content

MySQL Credentials

Description

General

  • Documentation: https://dev.mysql.com/doc/refman/8.0/en/
  • Summary: MySQL is an open-source relational database management system now maintained by Oracle Corporation. This detector aims at detecting MySQL credentials in a URI connection string, assignments or in a CLI command.
  • IPs allowlist: An IP allowlist can be set on the server side. This documentation might help on the topic.
  • Scopes: MySQL supports many Role Based Access Controls. Here are some details on how to set these roles. The scopes of the credentials found vary according to these RBAC settings.

Revoke the secret

Depending on the leak's criticality, the following commands can be useful in the revocation process: SET PASSWORD, ALTER_USER, or DROP USER.

Check for suspicious activity

The server can be configured to log and audit any activity on the database.

Details for MySQL CLI Credentials

  • Family: identifiers

  • Category: data_storage

  • Company: Oracle

  • High recall: False

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 3

  • Occurrences found for one million commits: 4.53

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
    - mysql

Examples

- text: |
    mysql --user=doadmin --password=strongp@55! --host=db-mysql-ams3-23775-do-user-7772205-0.a.db.ondigitalocean.com
  host: db-mysql-ams3-23775-do-user-7772205-0.a.db.ondigitalocean.com
  username: doadmin
  password: strongp@55!

- text: |
    mysql --user=doadmin --password=strongp@55! --host=12.76.135.14
  host: 12.76.135.14
  username: doadmin
  password: strongp@55!

- text: |
    mysql -udoadmin -pstrongp@55! --host=db-mysql-ams3-23775-do-user-7772205-0.a.db.ondigitalocean.com
  host: db-mysql-ams3-23775-do-user-7772205-0.a.db.ondigitalocean.com
  username: doadmin
  password: strongp@55!

# Test multispace
- text: |
    mysql -u      doadmin -pstrongp@55! --host     db-mysql-ams3-23775-do-user-7772205-0.a.db.ondigitalocean.com
  host: db-mysql-ams3-23775-do-user-7772205-0.a.db.ondigitalocean.com
  username: doadmin
  password: strongp@55!

Details for MySQL URI

  • Family: identifiers

  • Category: data_storage

  • Company: Oracle

  • High recall: True

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 5

  • Occurrences found for one million commits: 44.16

  • Prefixed: True

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - mysql

Examples

- text: |
    CONNECTION_URI="mysql://root:m42ploz2wd@google.com:5434/thegift"
  host: google.com
  port: '5434'
  username: root
  password: m42ploz2wd
  scheme: mysql
  database: thegift
  connection_uri: mysql://root:m42ploz2wd@google.com:5434/thegift

# Test special characters in password
- text: |
    CONNECTION_URI="mysql://root:m42p!o@2wd@google.com:5434/thegift"
  host: google.com
  port: '5434'
  username: root
  password: m42p!o@2wd
  scheme: mysql
  database: thegift
  connection_uri: mysql://root:m42p!o@2wd@google.com:5434/thegift

# Test detection in md files
- text: |
    CONNECTION_URI="mysql://root:m42p!o@2wd@google.com:5434/thegift"
  host: google.com
  port: '5434'
  username: root
  password: m42p!o@2wd
  scheme: mysql
  database: thegift
  connection_uri: mysql://root:m42p!o@2wd@google.com:5434/thegift

Details for MySQL Assignment

  • Family: identifiers

  • Category: data_storage

  • Company: Oracle

  • High recall: False

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 4

  • Occurrences found for one million commits: 52.29

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
    - mysql

Examples

- text: |
    docker run --name geonetwork -d -p 8080:8080 -e MYSQL_HOST=google.com -e MYSQL_PORT=5434 -e MYSQL_USERNAME=root -e MYSQL_PASSWORD=m42ploz2wd geonetwork
  host: google.com
  port: '5434'
  username: root
  password: m42ploz2wd

- text: |
    server.port=9082
    spring.datasource.url=jdbc:mysql://google.com/BLUDB
    spring.datasource.username=root
    spring.datasource.password=sup3rstr0ngpass
  host: google.com
  port: '9082'
  username: root
  password: sup3rstr0ngpass

Details for MySQL Assignment

  • Family: identifiers

  • Category: data_storage

  • Company: Oracle

  • High recall: False

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 4

  • Occurrences found for one million commits: 90.36

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
    - mysql

Examples

- text: |
    docker run --name geonetwork -d -p 8080:8080 -e MYSQL_HOST=google.com:5434 -e MYSQL_PORT=1212 -e MYSQL_USERNAME=root -e MYSQL_PASSWORD=m42ploz2wd geonetwork
  host: google.com
  port: '5434'
  username: root
  password: m42ploz2wd

- text: |
    server.port=1212
    spring.datasource.url=jdbc:mysql://google.com:9082/BLUDB
    spring.datasource.username=root
    spring.datasource.password=sup3rstr0ngpass
  host: google.com
  port: '9082'
  username: root
  password: sup3rstr0ngpass

Secret Analyzer

Analysis Method

  • Provider allows scopes enumeration: False
  • Total network call count: 5
  • Total call count may vary: False

HTTP Calls

Requests are designed to capture metadata and not to function effectively. No HTTP calls for this analyzer.

Other Calls

Non-HTTP queries or HTTP calls made through a third-party app (e.g., Python package).

SELECT @@GLOBAL.sql_mode
SELECT routine_schema, routine_name FROM information_schema.routines
SELECT table_schema, table_name, IFNULL(DATA_LENGTH,0) FROM information_schema.tables
SHOW DATABASES
SHOW GRANTS
Last updated on

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status