Skip to content

MySQL Credentials

Service Name: MySQL Database

Service Description: MySQL is an open-source relational database management system (RDBMS) that uses Structured Query Language (SQL) for adding, accessing, and managing content in a database.

Service Address: https://www.mysql.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the database level using MySQL's built-in access control mechanisms that allow connections only from specific IP addresses.

Secret Access Scope: Grants access to MySQL databases with the permissions assigned to the specific user account. This can range from read-only access to full administrative privileges depending on the user configuration.

Secret Revokement URL: Does not exist (managed through MySQL administration tools or direct SQL commands)

Secret Example: mysql://username:p@ssw0rd123!@hostname:3306/database_name

Suspicious Activity Investigation Instructions:

  • Review MySQL server logs for unusual login attempts or query patterns
  • Check for unexpected database schema changes or data modifications
  • Monitor for unusual query volume or resource utilization
  • Examine user activity during non-standard hours
  • Look for connections from unexpected IP addresses
  • Review any data exports or bulk operations

Mitigation Instructions:

  • Immediately revoke the compromised user's access with: REVOKE ALL

PRIVILEGES, GRANT OPTION FROM 'username'@'hostname';

  • Delete the compromised user account: DROP USER 'username'@'hostname';
  • Create a new user with appropriate permissions
  • Update application configuration files that contain the credentials
  • Implement more restrictive IP-based access controls
  • Enable enhanced logging to monitor future database activity
  • Consider implementing database activity monitoring tools
  • Review and update password policies to enforce stronger credentials
  • Implement multi-factor authentication if available for your MySQL deployment