Impact
A remote attacker can distinguish between the fake MySQL service and a real one. This allows an attacker to determine if OpenCanary is running on a host (when the MySQL module is running).
Resolution
Upgrade to OpenCanary 0.6.1
Workarounds
Disable the MySQL module in OpenCanary's configuration file:
# opencanary.conf
...
"mysql.enabled": false,
...
Credits
Thanks to Niels van Gijzen (@nvangijzen) for reporting.
nielsvangijzen Analyst
Impact
A remote attacker can distinguish between the fake MySQL service and a real one. This allows an attacker to determine if OpenCanary is running on a host (when the MySQL module is running).
Resolution
Upgrade to OpenCanary 0.6.1
Workarounds
Disable the MySQL module in OpenCanary's configuration file:
Credits
Thanks to Niels van Gijzen (@nvangijzen) for reporting.