PT-2012-6062 · Mariadb+5 · Mariadb+6

Huzaifa Sidhpurwala · Published 2012-12-03 · Updated 2024-06-15 · CVE-2012-5615

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Oracle MySQL versions 5.5.38 and earlier
Oracle MySQL versions 5.6.19 and earlier
MariaDB versions 5.5.28a and earlier
MariaDB version 5.3.11
MariaDB version 5.2.13
MariaDB version 5.1.66

Description

The server generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.

Recommendations

For Oracle MySQL versions 5.5.38 and earlier, update to a version later than 5.5.38 to resolve the issue.
For Oracle MySQL versions 5.6.19 and earlier, update to a version later than 5.6.19 to resolve the issue.
For MariaDB versions 5.5.28a and earlier, consider updating to a newer version to mitigate the risk.
For MariaDB version 5.3.11, consider updating to a newer version to mitigate the risk.
For MariaDB version 5.2.13, consider updating to a newer version to mitigate the risk.
For MariaDB version 5.1.66, consider updating to a newer version to mitigate the risk.
As a temporary workaround, consider restricting access to the user enumeration functionality to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CESA-2014_1861
CVE-2012-5615
DSA-3054-1
OPENSUSE-SU-2024:10153-1
RHSA-2014:1859
RHSA-2014:1860
RHSA-2014:1861
RHSA-2014:1862
RHSA-2014:1937
RHSA-2014:1940
RHSA-2014_1859
RHSA-2014_1861
SUSE-RU-2023:3956-1
SUSE-RU-2023:4991-1
SUSE-SU-2015:0743-1
SUSE-SU-2015_0620-1
USN-2384-1

Affected Products

Centos
Mariadb
Mariadb Server
Mysql Server
Red Hat
Suse
Ubuntu