MySQL Authentication Bypass Network Vulnerability

Summary

MySQL is prone to an Authentication Bypass. Successful exploitation will yield unauthorized access to the database. All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.23 are vulnerable. MariaDB versions from 5.1.62, 5.2.12, 5.3.6, 5.5.23 are not. MySQL versions from 5.1.63, 5.5.24, 5.6.6 are not.

References

http://bugs.mysql.com/bug.php?id=64884
http://seclists.org/oss-sec/2012/q2/493
https://mariadb.atlassian.net/browse/MDEV-212

Updated on 2017-03-28

Severity

Classification

CVE CVE-2012-2122

CVSS	Base Score: 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

MySQL Unspecified vulnerability-04 July-2013 (Windows)
MariaDB 'COM_CHANGE_USER' Command Insecure Salt Generation Security Bypass Vulnerability
Oracle Database Server Multiple Information Disclosure Vulnerabilities
Oracle Database Server Multiple Unspecified Vulnerabilities-02 Jan2014
Oracle MySQL Multiple Unspecified vulnerabilities-03 Oct14 (Windows)

Take action and discover your vulnerabilities