| VID | 25012 |
| Severity | 30 |
| Port | 3306 |
| Protocol | TCP |
| Class | DB |
| Detailed Description | You are running a version of MySQL older than 3.22.32. MySQL versions prior to 3.22.32 could allow remote attackers to bypass authentication. If you have not patched this version, any attacker who knows a valid username can access your tables without entering a valid password. Note: This check relies solely on the version number of the remote MySQL server to assess this vulnerability, so this may be a false positive. References: http://www.iss.net/security_center/static/4228.php http://www.mysql.com/documentation/mysql/bychapter/manual_News.html |
| Recommendation | Upgrade to the latest version of MySQL (3.22.32 or later) appropriate for your platform. Alternatively, edit the file mysql-xxx/sql/password.c and search for the "while(*scrambled)" loop. In front of it, add: "if(strlen(scrambled) != strlen(to)) return 1" |
| Related URL | CVE-2000-0148 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |