PT-2004-1719 · Oracle · Mysql Server

Chris Anley · Published 2004-07-08 · Updated 2019-12-17 · CVE-2004-0627

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

MySQL versions 4.1.x through 4.1.2
MySQL version 5.0

Description

The issue allows remote attackers to bypass authentication. This is possible due to the check_scramble_323 function allowing a zero-length scrambled string.

Recommendations

For MySQL versions 4.1.x through 4.1.2, update to version 4.1.3 or later. For MySQL version 5.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the check_scramble_323 function until a patch is available.
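
The failure mode in the description, as an added example that is a simplified model and not MySQL source code: a response check whose loop is bounded by the client-supplied length accepts an empty response, while a check that requires the exact length first rejects it. The function names, `SCRAMBLE_LEN` and the sample bytes are constructed assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define SCRAMBLE_LEN 8 /* assumed fixed response length for this model */

/* Constructed sample data: the response the server expects, and a wrong one. */
static const unsigned char EXPECTED[SCRAMBLE_LEN] = {'Q','x','7','m','K','2','z','b'};
static const unsigned char WRONG[SCRAMBLE_LEN]    = {'Q','x','7','m','K','2','z','c'};

/* Weak form: the loop bound comes from the client, so a zero-length
   response is never compared against anything and is accepted. */
static int check_response_weak(const unsigned char *client, size_t client_len,
                               const unsigned char *expected)
{
    for (size_t i = 0; i < client_len && i < SCRAMBLE_LEN; i++)
        if (client[i] != expected[i])
            return 0;
    return 1; /* reached with client_len == 0 */
}

/* Hardened form: require the exact length before comparing, then compare
   every byte without an early exit. */
static int check_response_strict(const unsigned char *client, size_t client_len,
                                 const unsigned char *expected)
{
    unsigned char diff = 0;
    if (client == NULL || client_len != SCRAMBLE_LEN)
        return 0;
    for (size_t i = 0; i < SCRAMBLE_LEN; i++)
        diff |= (unsigned char)(client[i] ^ expected[i]);
    return diff == 0;
}

int main(void)
{
    const unsigned char empty[1] = {0};
    printf("weak,   empty response: %d\n", check_response_weak(empty, 0, EXPECTED));
    printf("strict, empty response: %d\n", check_response_strict(empty, 0, EXPECTED));
    printf("strict, wrong response: %d\n", check_response_strict(WRONG, SCRAMBLE_LEN, EXPECTED));
    printf("strict, valid response: %d\n", check_response_strict(EXPECTED, SCRAMBLE_LEN, EXPECTED));
    return 0;
}
```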

Related Identifiers

CVE-2004-0627

Affected Products

Mysql Server