2021-09-13 20:24:21 +00:00
|
|
|
id: mysql-native-password
|
2021-04-11 14:29:11 +00:00
|
|
|
|
|
|
|
info:
|
2021-04-13 13:10:43 +00:00
|
|
|
name: MySQL DB with enabled native password
|
2021-04-11 14:29:11 +00:00
|
|
|
author: iamthefrogy
|
2021-04-13 18:52:03 +00:00
|
|
|
severity: info
|
2021-04-13 13:10:43 +00:00
|
|
|
tags: network,mysql,bruteforce,db
|
2021-09-05 21:13:45 +00:00
|
|
|
description: MySQL instance with enabled native password support is prone to password brute-force attacks.
|
2021-04-11 14:29:11 +00:00
|
|
|
|
|
|
|
network:
|
|
|
|
- host:
|
|
|
|
- "{{Hostname}}"
|
2021-12-09 13:06:24 +00:00
|
|
|
- "{{Host}}:3306"
|
2021-04-13 13:10:43 +00:00
|
|
|
|
2021-04-11 14:29:11 +00:00
|
|
|
matchers:
|
|
|
|
- type: word
|
|
|
|
words:
|
|
|
|
- "mysql_native_password"
|