21 lines
572 B
YAML
21 lines
572 B
YAML
|
id: tidb-native-password-bruteforce
|
||
|
|
||
|
info:
|
||
|
name: TiDB DB with enabled native password
|
||
|
author: lu4nx
|
||
|
severity: info
|
||
|
description: TiDB is fully compatible with the MySQL 5.7 protocol and the common features and syntax of MySQL 5.7. TiDB instance with enabled native password support prone vulnerable for password brute-force attack.
|
||
|
tags: network,tidb,bruteforce,db
|
||
|
|
||
|
network:
|
||
|
- host:
|
||
|
- "{{Hostname}}"
|
||
|
- "{{Hostname}}:4000"
|
||
|
|
||
|
matchers:
|
||
|
- type: word
|
||
|
words:
|
||
|
- "mysql_native_password"
|
||
|
- "TiDB"
|
||
|
condition: and
|