sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2012-06-26T18:00:00
Updated: 2014-02-10T22:57:01
Reserved: 2012-04-04T00:00:00
Link: CVE-2012-2122
NVD Information
Status: Modified
Published: 2012-06-26T18:55:05.083
Modified: 2014-02-21T04:50:38.233
Link: CVE-2012-2122