The biggest threat is that an attacker could leverage a vulnerability such as; directory traversal, or using SQL Injection to call load_file() to read the plain text username/password in the configuration file and then Login using phpmyadmin or over tcp port 3306. As a pentester I have used this attack pattern to compromise a system.
Here is a great way to lock down phpmyadmin:
- PhpMyAdmin lacks strong bruteforce protection, so you must use a long randomly generated password.
- DO NOT ALLOW REMOTE ROOT LOGINS! Instead phpmyadmin can be configured to use “Cookie Auth” to limit what user can access the system. If you need some root privileges, create a custom account that can add/drop/create but doesn’t have
grantorfile_priv. - Remove
file_privpermissions from every account.file_privis one of the most dangerous privileges in MySQL because it allows an attacker to read files or upload a backdoor. - Whitelist IP address who have access to the phpmyadmin interface. Here is an example .htaccess reulset:
Order deny,allow Deny from all allow from 199.166.210.1
-
Do not have a predictable file location like:
http://127.0.0.1/phpmyadmin. Vulnerability scanners like Nessus/Nikto/Acunetix/w3af will scan for this. -
Firewall off tcp port 3306 so that it cannot be accessed by an attacker.
-
Use HTTPS, otherwise data and passwords can be leaked to an
attacker. If you don’t want to fork out the $30 for a cert, then
use a self-signed. You’ll accept it once, and even if it was
changed due to a MITM you’ll be notified.