Insecure Password Handling in lean-ruport Gem's tc_database.rb

Insecure Password Handling in lean-ruport Gem's tc_database.rb

CVE-2014-4998 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.