Username and Password in URI (Connection String)
Service Name: Database Connection String
Service Description: A connection string containing embedded username and password credentials used to authenticate to databases, APIs, or other services via URI format.
Service Address: [https://www.connectionstrings.com/](https://www.connectionstrings.com/)
Username and Password in URI
URI_USERNAME_AND_PASSWORD
-
Validation Type: API Auth
-
IP Allow list: Does not exist
-
Secret Access Scope: Grants direct access to the database or service specified in the URI with the privileges of the embedded user account.
-
Secret Revokement URL: Does not exist
-
Secret Example:
postgres://admin:p@ssw0rd@database.example.com:5432/mydb -
Suspicious Activity Investigation Instructions:
-
Check access logs for the database or service to identify unusual access patterns or unauthorized queries.
-
Review database audit logs for suspicious operations performed using the credentials.
-
Monitor for unusual data transfer volumes that might indicate data exfiltration.
-
Check for unauthorized schema changes or new user accounts created in the database.
-
-
Mitigation Instructions:
-
Immediately change the password for the affected user account.
-
Consider creating a new user with appropriate permissions and deprecating the exposed account.
-
Implement connection string encryption or use a secrets management service instead of hardcoding credentials.
-
Update all applications and services using this connection string with the new secure method.
-
Implement IP restrictions on database access if possible.
-
Review and rotate other credentials that might have been exposed in the same context.
-