Error message shows DB password

Error message shows DB password

Author
Discussion

budgie smuggler

Original Poster:

5,359 posts

158 months

Tuesday 31st March 2015
quotequote all
Just a small heads up. When the DB fell over just now, the error message displayed in my browser showed your server's database username, IP, and password.


errormessage said:
Failed to open slave '10.2.25.21'

Error #80004005

[MySQL] [ODBC 3.51 Driver] Can't connect to MySQL server on '10.2.25.21' (10061)

(Source: Microsoft OLE DB Provider for ODBC Drivers)

(SQL State: S1000)

(NativeError: 2003)

Connection: Driver={MySQL ODBC 3.51 Driver};Server=10.2.25.21;Port=3306;Option=3;Stmt=;Database=forums;Uid=ZZZZZZZZZZZZZZ;Pwd=XXXXXXXXXXXXXXXXXXXXXXXXX

URL: www.pistonheads.com/xforums/topic.asp?h=0&f=23...

REMOTE ADDRESS: 95.172.230.185, 10.244.189.109:38100, 54.155.160.171

REMOTE HOST: 1.1.1.1

LOCAL ADDRESS: 10.2.20.15

REFERER:

IainT

10,040 posts

237 months

Tuesday 31st March 2015
quotequote all
Looks to be on an internal IP so shouldn't be vulnerable to remote access unless the firewall's borked too!

There's no way the techies would re-use a password across multiple appliances is there? wink

RacingPete

8,845 posts

203 months

Tuesday 31st March 2015
quotequote all
IainT said:
Looks to be on an internal IP so shouldn't be vulnerable to remote access unless the firewall's borked too!

There's no way the techies would re-use a password across multiple appliances is there? wink
All error messages should have the UID and PWD masked, so will investigate where that is showing. The current issue is just with the database, the firewall is secure and the username and password are specific to just that database and not shared.

Though as a precaution we will change it as part of getting the database back up and running.