Python-mysqlclient-empty-password
Python mysqlclient empty password
python-mysqlclient-empty-password
python-mysqlclient-empty-password
The application creates a database connection with an empty password. This can lead to unauthorized access by either an internal or external malicious actor. To prevent this vulnerability, enforce authentication when connecting to a database by using environment variables to securely provide credentials or retrieving them from a secure vault or HSM (Hardware Security Module).
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-287: Improper Authentication
OWASP:
- A07:2021 - Identification and Authentication Failures