Thread: Security Simple authentication bypass for MySQL root revealed
View Single Post
  #1   (View Single Post)  
Old 11th June 2012
J65nko J65nko is offline
Administrator
  
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,131
Default Simple authentication bypass for MySQL root revealed
From http://h-online.com/-1614990
Quote:
Exploits for a recently revealed MySQL authentication bypass flaw are now in the wild, partly because the flaw is remarkably simple to exploit in order to gain root access to the database. The only mitigating factor appears to be that it depends on the C library that the MySQL database was built with. The bypass, assigned the vulnerability ID CVE-2012-2122, allows an attacker to gain root access by repeatedly trying to login with an incorrect password. Each attempt has a 1 in 256 chance of being given access. The exploits are mostly variations of looping through connecting to MySQL with a bad password around 300 to 512 times.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote