Database connection string disclosed
Description: Database connection string disclosed
A database connection string specifies information about a data source and the means of connecting to it. In web applications, connection strings are generally used by the application tier to connect to the back-end database used for storing application data. They are usually read from server-side configuration files or hard-coded into application source code.
Remediation: Database connection string disclosed
It is almost never necessary for applications to disclose database connection strings to clients. The reason for the disclosure should be reviewed and addressed.
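One way to review where the disclosure occurs is to check response bodies for connection strings in regression tests or a logging hook. The following is an added example, not part of the original page or any scanner's own logic; the key list, the function name `find_connection_strings` and the sample response are assumptions constructed for illustration.

```python
import re

# Keys seen in ADO.NET/ODBC-style strings (a constructed, non-exhaustive list).
SOURCE_KEYS = {"data source", "server", "host", "dsn", "initial catalog", "database"}
SECRET_KEYS = {"password", "pwd"}
OTHER_KEYS = {"user id", "uid", "user", "integrated security", "provider", "driver", "port"}
_ALT = "|".join(sorted(SOURCE_KEYS | SECRET_KEYS | OTHER_KEYS, key=len, reverse=True))
PAIR = re.compile(rf"(?i)\b({_ALT})\s*=\s*([^;\"'<>\r\n]*)")
# URI-style strings with embedded credentials: scheme://user:secret@host/db
URI = re.compile(r"(?i)\b((?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?)://[^\s:/@\"'<>]+:)"
                 r"([^\s@\"'<>]+)(@[^\s\"'<>]+)")

def find_connection_strings(body):
    """Return findings with secrets redacted, so the report itself leaks nothing."""
    findings, group = [], []

    def flush():
        # Report a run of >= 2 adjacent key=value pairs that names a data source.
        keys = {k for k, _ in group}
        if len(group) >= 2 and keys & SOURCE_KEYS:
            text = ";".join(f"{k}={'***' if k in SECRET_KEYS else v}" for k, v in group)
            findings.append({"kind": "key-value", "has_secret": bool(keys & SECRET_KEYS),
                             "redacted": text})
        group.clear()

    prev_end = None
    for m in PAIR.finditer(body):
        # Pairs belong to one string only when separated by a single ';'.
        if prev_end is not None and not re.fullmatch(r"\s*;\s*", body[prev_end:m.start()]):
            flush()
        group.append((m.group(1).lower(), m.group(2).strip()))
        prev_end = m.end()
    flush()
    for m in URI.finditer(body):
        findings.append({"kind": "uri", "has_secret": True,
                         "redacted": f"{m.group(1)}***{m.group(3)}"})
    return findings

# Constructed sample: a verbose error page that echoes server-side configuration.
SAMPLE = """<html><body><h1>Server Error</h1>
<pre>Login failed. ConnectionString: Server=db01.example.internal;Database=shop;User Id=app;Password=Constructed-Pw1;</pre>
<!-- fallback: postgresql://app:Constructed-Pw2@db02.example.internal:5432/shop -->
<p>Contact support if server=down persists.</p></body></html>"""

if __name__ == "__main__":
    for finding in find_connection_strings(SAMPLE):
        print(finding)
```

A finding with `has_secret` set means the credential should be treated as exposed and rotated, in addition to removing the disclosure.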
References
Vulnerability classifications
- CWE-15: External Control of System or Configuration Setting
- CWE-497: Exposure of System Data to an Unauthorized Control Sphere
- CAPEC-37: Retrieve Embedded Sensitive Data
Typical severity
Medium
Type index (hex)
0x00600080
Type index (decimal)
6291584