By kannthu
The "DBeaver Database Connections" module is designed to detect misconfigurations in the DBeaver database management software. DBeaver is a popular open-source tool used for managing and manipulating databases. This module focuses on identifying potential vulnerabilities or misconfigurations related to database connections.
This module has an informative severity level, which means it provides valuable information without indicating a critical security issue.
Author: geeknik
This module aims to identify potential misconfigurations or vulnerabilities in the DBeaver database connections. If any issues are detected, it could indicate insecure or improperly configured connections, which may lead to unauthorized access or data exposure.
The "DBeaver Database Connections" module utilizes HTTP request templates and matching conditions to perform its scanning. It sends a GET request to the "/.dbeaver/data-sources.json" endpoint and applies specific matchers to identify potential misconfigurations.
Matching conditions:
- The response body must contain the following words: `"folders": {`, `"connection-types": {`, and `"connections": {`.
- The response status code must be 200.
If both matching conditions are met, the module will report a potential vulnerability or misconfiguration related to DBeaver database connections.
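The same check can be run from the defender's side before a directory is published. The following is an added example, not part of the module or of DBeaver: it walks a local web root for `.dbeaver/data-sources.json` files and applies the two matching conditions listed above. The function names, the sample tree and the assumption that the server would return the file unchanged with status 200 are all constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Body words and path exactly as listed in the module description above.
REQUIRED_WORDS = ('"folders": {', '"connection-types": {', '"connections": {')
MODULE_PATH = ".dbeaver/data-sources.json"

def module_would_match(status, body):
    """Both matching conditions: status 200 AND all three words in the body."""
    return status == 200 and all(word in body for word in REQUIRED_WORDS)

def audit_web_root(web_root):
    """List DBeaver data-source files inside a directory that will be served."""
    root = Path(web_root)
    findings = []
    for path in sorted(root.rglob("data-sources.json")):
        if path.parent.name != ".dbeaver":
            continue
        body = path.read_text(encoding="utf-8", errors="replace")
        try:
            count = len(json.loads(body)["connections"])
        except (ValueError, KeyError, TypeError):
            count = None  # not parseable as a DBeaver connection file
        rel = path.relative_to(root).as_posix()
        findings.append({
            "file": rel,
            "at_module_path": rel == MODULE_PATH,
            # Assumption: if served, the file comes back unchanged with 200.
            "module_would_match": module_would_match(200, body),
            "connections": count,
        })
    return findings

def demo():
    """Constructed sample tree: one pretty-printed file, one minified copy."""
    doc = {"folders": {}, "connections": {"example-1": {"name": "constructed"}},
           "connection-types": {"dev": {"name": "Development"}}}
    with tempfile.TemporaryDirectory() as tmp:
        for sub, text in ((".dbeaver", json.dumps(doc, indent=2)),
                          ("app/.dbeaver", json.dumps(doc, separators=(",", ":")))):
            target = Path(tmp, sub)
            target.mkdir(parents=True)
            (target / "data-sources.json").write_text(text, encoding="utf-8")
        return audit_web_root(tmp)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The minified copy under `app/` is still reported even though the word matchers would not fire on it, because they require a space after each colon; a clean scan result alone does not show that the file is absent.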
Reference: https://dbeaver.com/docs/wiki/Admin-Manage-Connections/
Metadata: verified: true