Описание
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
Ссылки
- PatchVendor Advisory
- ExploitPatchVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
7.5 High
CVSS2
Дефекты
Связанные уязвимости
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x befor ...
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
EPSS
7.5 High
CVSS2