DerScanner
Home / Vulnerability Database / Scala : Unsafe database connection config (Play)
Scala

Scala : Unsafe database connection config (Play)

Classification

OWASP Top 10 2013
A5-Security Misconfiguration
OWASP Top 10 2017
A6-Security Misconfiguration
OWASP Top 10 2021
A5-Security Misconfiguration
PCI DSS 4.0
6.2.47.2.6
HIPAA
§164.312 (a)(1)§164.312 (d)
CWE
CWE-1031

Overview

The application initiates a connection to the database using a parameter from an untrusted source. An attacker can change the connection settings.

Unsafe database connection attacks (Security Misconfiguration) take the sixth place in the OWASP Top 10 2017 web application vulnerabilities ranking.

Attacker accesses default accounts, unused pages, unpatched flaws, unprotected files and directories, etc. to gain unauthorized access to or knowledge of the system.

References

  1. DatabaseConfig - playframework.com
  2. CWE CATEGORY: OWASP Top Ten 2017 Category A5 - Broken Access Control
MEDIUM

DerScanner Severity Score

Do you want to fix Scala : Unsafe database connection config (Play) in your application?

See also

Scala

Scala : Unreleased resource stream

Scala

Scala : Multiple loggers in same class

Scala

Scala : Insufficient encryption key length