Database Name Disclosure (Microsoft SQL Server)

Severity: Low

Summary#

Invicti identified a database name disclosure (Microsoft SQL Server) in the error message.

Impact#

An attacker can perform brute-force or dictionary-based password guessing on the disclosed database name. It may also help the attacker identify other vulnerabilities or further their exploitation of other identified vulnerabilities.

Remediation#

Error messages should be disabled.
Remove this kind of sensitive data from the output.

Classifications#

CWE-201, HIPAA-164.306(a), WASC-13, OWASP 2017-A6, ISO27001-A.18.1.3, OWASP 2013-A5, PCI v3.2-6.5.5, CAPEC-118

Invicti Security Insights

Fragmented SQL Injection Attacks – The Solution
What is SQL Injection?

Select Category

Critical
High
Medium
Low
Best Practice
Information

Search Vulnerability

Database Name Disclosure (Microsoft SQL Server)

Related Articles

Build your resistance to threats. And save hundreds of hours each month.