PT-2013-1815 · Oracle+1 · Mysql Server+2

Huzaifa S. Sidhpurwala

Publicado

2013-01-30

Atualizado

2024-06-15

CVE-2012-5627

CVSS v2.0

4.0

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Oracle MySQL and MariaDB versions 5.2.x through 5.2.13 Oracle MySQL and MariaDB versions 5.3.x through 5.3.11 Oracle MySQL and MariaDB versions 5.5.x through 5.5.28

Description The issue makes it easier for remote authenticated users to conduct brute force password guessing attacks because the salt is not modified during multiple executions of the change user command within the same connection.

Recommendations For Oracle MySQL and MariaDB versions 5.2.x through 5.2.13, update to version 5.2.14 or later. For Oracle MySQL and MariaDB versions 5.3.x through 5.3.11, update to version 5.3.12 or later. For Oracle MySQL and MariaDB versions 5.5.x through 5.5.28, update to version 5.5.29 or later.

Exploit

Correção

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522

Identificadores relacionados

AZL-6692

CVE-2012-5627

OPENSUSE-SU-2024:10153-1

SUSE-RU-2023:3956-1

SUSE-RU-2023:4991-1

Produtos afetados

Mariadb

Mariadb Server

Mysql Server

PT-2013-1815 · Oracle+1 · Mysql Server+2

CVE-2012-5627

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 438