CWE-201: Error clearly exposes the database credentials

July 18, 2017

When access is denied, mysql_pconnect() raises a warning that exposes the user credentials.

References

cwe.mitre.org/data/definitions/201.html
github.com/apache/incubator-openwhisk-client-js/commit/0e40671e75d2ec7e88fa39ef787526d4304f2aaa

Code Behaviors & Features

Detect and mitigate CWE-201 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →