Security Test: Exposed MySQL Config
Description
Default Severity:
When the MySQL configuration file is accidentally made public, anyone can view sensitive details like usernames, passwords, and connection info. This exposure can let attackers break into your database, steal data, or find other ways to compromise your system. It usually happens when developers leave these files with loose permissions or mistakenly keep them in public folders during setup or debugging. The risks include unauthorized access and potential data breaches, so it's crucial to properly secure these files to avoid giving attackers an easy entry point.
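A defender-side check for the condition described above, as an added example that is not part of the original page or the scanner's own code: it walks a web root, flags MySQL option files found there, and reports whether each one is world-readable and carries `user` or `password` entries. The function names, the sample tree and its values are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Standard MySQL option file names (server-wide, per-user, Windows).
MYSQL_CONFIG_NAMES = {"my.cnf", ".my.cnf", "my.ini"}
# Option-file lines that set credentials, e.g. "password = ..." under [client].
CRED_LINE = re.compile(r"^\s*(user|password)\s*=", re.IGNORECASE | re.MULTILINE)


def audit_web_root(web_root):
    """Return sorted (relative_path, issues) for MySQL option files under web_root."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if name.lower() not in MYSQL_CONFIG_NAMES:
                continue
            path = os.path.join(dirpath, name)
            # Any option file below the served directory is already a finding.
            issues = ["inside web root"]
            if os.stat(path).st_mode & stat.S_IROTH:
                issues.append("world-readable")
            with open(path, errors="replace") as fh:
                if CRED_LINE.search(fh.read()):
                    issues.append("contains credentials")
            findings.append((os.path.relpath(path, web_root), issues))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample data: one leftover option file and one ordinary page."""
    os.makedirs(os.path.join(root, "backup"))
    cnf = os.path.join(root, "backup", "my.cnf")
    with open(cnf, "w") as fh:
        fh.write("[client]\nuser = app_user\npassword = example-only\nhost = 127.0.0.1\n")
    os.chmod(cnf, 0o644)  # loose permissions, as left behind after debugging
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<h1>ok</h1>\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for rel, issues in audit_web_root(root):
            print(f"{rel}: {', '.join(issues)}")
```

Run it against the directory your web server actually serves; an empty result means no option file with one of the listed names sits under that tree.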
Configuration
Identifier:
information_disclosure/exposed_mysql_config
Examples
All configuration available:
Compliance and Standards
Standard | Value |
---|---|
OWASP API Top 10 | API8:2023 |
OWASP LLM Top 10 | LLM06:2023 |
PCI DSS | 2.2.2 |
GDPR | Article-32 |
SOC2 | CC6 |
PSD2 | Article-95 |
ISO 27001 | A.12.6 |
NIST | SP800-123 |
FedRAMP | AC-22 |
CWE | 200 |
CVSS Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS Score | 3.0 |