CVE-2012-5627

Vincent (CVE) Danen's picture
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 do not modify the salt during multiple executions of the change_user command within the same connection, which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

Details Source

Mitre

Statement

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Public Date

2012-12-03 00:00:00

Impact

Low

Bugzilla

CVE-2012-5627 mysql: efficient password guessing attack using change_user()

Bugzilla ID

883719

CVSS Status

draft

Base Score

2.60

Base Metrics

AV:N/AC:H/Au:N/C:P/I:N/A:N

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 6 | mysql | Will not fix
Red Hat Enterprise Linux 5 | mysql | Will not fix