Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2012/Dec/58 | Exploit Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2012/Dec/83 | Exploit Mailing List Third Party Advisory |
http://seclists.org/oss-sec/2012/q4/424 | Mailing List Third Party Advisory |
http://secunia.com/advisories/53372 | Not Applicable |
http://security.gentoo.org/glsa/glsa-201308-06.xml | Patch Third Party Advisory VDB Entry |
http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | Broken Link |
https://bugzilla.redhat.com/show_bug.cgi?id=883719 | Patch Issue Tracking Third Party Advisory |
https://mariadb.atlassian.net/browse/MDEV-3915 | Broken Link Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2013-10-01T17:00:00
Updated: 2014-02-10T22:57:01
Reserved: 2012-10-24T00:00:00
Link: CVE-2012-5627
JSON object: View
NVD Information
Status : Analyzed
Published: 2013-10-01T17:55:03.383
Modified: 2022-08-29T20:56:14.187
Link: CVE-2012-5627
JSON object: View
Redhat Information
No data.
CWE