Hi all :-)
This morning I did a scan of my new server. Everythings looked fine,
until this came up:
--------------------------------------------
Vulnerability found on port mysql (3306/tcp) :
Your MySQL database is not password protected.
Anyone can connect to it and do whatever he wants to your data
(deleting a database, adding bogus entries, ...)
We could collect the list of databases installed on the remote
host.
Solution : Log into this host, and set a password for the root user
through the command 'mysql -u root password <newpassword>'
Read the MySQL manual (available on www.mysql.com) for details.
In addition to this, it is not recommanded that you let your MySQL
daemon listen to request from anywhere in the world. You should
filter incoming connections to this port.
Risk factor: High
--------------------------------------------
Apparently this messages comey from
http://cgi.nessus.org/plugins/dump.php3?id=10481
My "problem" is: my MySql server doesnt permit login without passwords.
Could you please give me more information about how the plugin works?
I'd like to "see" whats happening.
cu, Sascha Carlin
--
Sascha Carlin Heidelbergerstrasse 15 64283 Darmstadt
http://www.itst.org/aktiv.php 0 61 51 / 30 87 20
-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with
"unsubscribe nessus" in the body.
