
Configuration: PhpMyAdmin - Unauthenticated Access

Identifier: phpmyadmin_unauth_access

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

phpMyAdmin instances accessible without authentication allow unauthorized users to access database management interfaces, potentially leading to data exposure, modification, or deletion.

How we test: We request the phpMyAdmin dashboard without authenticating and analyze the response to determine whether the database management interface is accessible without proper authorization.
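The test above observes the exposure from outside; on the server, the same condition can be checked in phpMyAdmin's `config.inc.php`. The following is an added example, not code from the scanner or from phpMyAdmin: it flags `auth_type = 'config'` (every visitor is logged in with the stored credentials) and `AllowNoPassword = true`. The function names and the sample configuration are constructed for illustration, and the parser assumes the `$i++` per-server layout used by `config.sample.inc.php`.

```python
import re

# Matches lines such as: $cfg['Servers'][$i]['auth_type'] = 'config';
# Anchored at line start, so lines commented out with // or # never match.
ASSIGN = re.compile(
    r"^\s*\$cfg\['Servers'\]\[[^\]]+\]\['(?P<key>\w+)'\]\s*=\s*(?P<val>[^;]+);",
    re.MULTILINE,
)

def audit(php_source):
    """Return (server_number, finding) tuples for settings that skip a real login."""
    # Remove /* ... */ blocks so settings disabled that way are ignored.
    text = re.sub(r"/\*.*?\*/", "", php_source, flags=re.DOTALL)
    findings = []
    # Assumption: each server definition starts with "$i++;".
    blocks = re.split(r"\$i\+\+\s*;", text)
    for number, block in enumerate(blocks[1:], start=1):
        settings = {m["key"]: m["val"].strip().strip("'\"")
                    for m in ASSIGN.finditer(block)}
        # phpMyAdmin defaults: auth_type 'cookie', AllowNoPassword false.
        if settings.get("auth_type", "cookie").lower() == "config":
            findings.append((number, "auth_type=config"))
        if settings.get("AllowNoPassword", "false").lower() == "true":
            findings.append((number, "AllowNoPassword=true"))
    return findings

# Constructed sample configuration (not taken from any real deployment).
SAMPLE = r"""<?php
$i = 0;
$i++;
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = 'CONSTRUCTED-PLACEHOLDER';
$i++;
$cfg['Servers'][$i]['host'] = 'db2.example.internal';
// $cfg['Servers'][$i]['auth_type'] = 'config';
/* $cfg['Servers'][$i]['AllowNoPassword'] = true; */
$cfg['Servers'][$i]['AllowNoPassword'] = false;
"""

if __name__ == "__main__":
    for number, finding in audit(SAMPLE):
        print(f"server {number}: {finding}")
```

A clean result here does not replace the external test: access controls in the web server or a reverse proxy in front of phpMyAdmin also decide who can reach the interface.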

Reference:

Configuration

Example

Example configuration:

---
security_tests:
  phpmyadmin_unauth_access:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.