Описание
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
Ссылки
- ExploitMailing ListThird Party Advisory
- ExploitMailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Not Applicable
- PatchThird Party AdvisoryVDB Entry
- Broken Link
- Issue TrackingPatchThird Party Advisory
- Broken LinkVendor Advisory
- ExploitMailing ListThird Party Advisory
- ExploitMailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Not Applicable
- PatchThird Party AdvisoryVDB Entry
- Broken Link
- Issue TrackingPatchThird Party Advisory
- Broken LinkVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
4 Medium
CVSS2
Дефекты
Связанные уязвимости
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and ...
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
EPSS
4 Medium
CVSS2