PT-2013-1815 · Oracle+1 · Mysql Server+2

Huzaifa S. Sidhpurwala

Published

2013-01-30

Updated

2024-06-15

CVE-2012-5627

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Oracle MySQL and MariaDB versions 5.2.x through 5.2.13 Oracle MySQL and MariaDB versions 5.3.x through 5.3.11 Oracle MySQL and MariaDB versions 5.5.x through 5.5.28

Description The issue makes it easier for remote authenticated users to conduct brute force password guessing attacks because the salt is not modified during multiple executions of the change user command within the same connection.

Recommendations For Oracle MySQL and MariaDB versions 5.2.x through 5.2.13, update to version 5.2.14 or later. For Oracle MySQL and MariaDB versions 5.3.x through 5.3.11, update to version 5.3.12 or later. For Oracle MySQL and MariaDB versions 5.5.x through 5.5.28, update to version 5.5.29 or later.

Exploit

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

AZL-6692

CVE-2012-5627

OPENSUSE-SU-2024:10153-1

SUSE-RU-2023:3956-1

SUSE-RU-2023:4991-1

Affected Products

Mariadb

Mariadb Server

Mysql Server

PT-2013-1815 · Oracle+1 · Mysql Server+2

CVE-2012-5627

Weakness Enumeration

Related Identifiers

Affected Products

References · 438