DerScanner
Home / Vulnerability Database / Kotlin : Unsafe database connection config (Play)
Kotlin

Kotlin : Unsafe database connection config (Play)

Classification

OWASP Top 10 2013
A5-Security Misconfiguration
OWASP Top 10 2017
A6-Security Misconfiguration
OWASP Top 10 2021
A5-Security Misconfiguration
PCI DSS 4.0
6.2.47.2.6
HIPAA
§164.312 (a)(1)§164.312 (d)
CWE
CWE-1031

Overview

The application initiates a connection to the database using a parameter from an untrusted source. An attacker can change the connection settings.

Unsafe database connection attacks (Security Misconfiguration) take the sixth place in the OWASP Top 10 2017 web application vulnerabilities ranking.

Attacker accesses default accounts, unused pages, unpatched flaws, unprotected files and directories, etc. to gain unauthorized access to or knowledge of the system.

References

  1. DatabaseConfig - playframework.com
  2. CWE CATEGORY: OWASP Top Ten 2017 Category A5 - Broken Access Control
MEDIUM

DerScanner Severity Score

Do you want to fix Kotlin : Unsafe database connection config (Play) in your application?

See also

Kotlin

Kotlin : Missing required cryptographic step

Kotlin

Kotlin : Logging into system output

Kotlin

Kotlin : Call of notify() in synchronized block