CVE-2012-5627

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 01-10-2013 07:55

Last modified: - 29-08-2022 10:56

Total changes: - 3

Description

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:S/C:P/I:N/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

Low

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

4.0

Base score

8.0

2.9

Exploitability score

Impact score

Verification logic

Reference

20121203 MySQL Local/Remote FAST Account Password Cracking-Exploit, Mailing List, Third Party Advisory
[oss-security] 20121206 Re: CVE request: Mysql/Mariadb insecure salt-usage-Mailing List, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=883719
20121205 Re: MySQL Local/Remote FAST Account Password Cracking-Exploit, Mailing List, Third Party Advisory
https://mariadb.atlassian.net/browse/MDEV-3915
GLSA-201308-06-Patch, Third Party Advisory, VDB Entry
MDVSA-2013:102-Broken Link
53372-Not Applicable

Keywords

CVE-2012-5627

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2012-5627

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures