Description

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.

Remediation

References

CVE-2012-2122

Related Vulnerabilities

WordPress Plugin User Photo Cross-Site Scripting (0.9.5.1)

Oracle JRE CVE-2013-2422 Vulnerability (CVE-2013-2422)

WordPress Plugin FavIcon Switcher Cross-Site Request Forgery (1.2.11)

WordPress Plugin Contextual Related Posts Cross-Site Request Forgery (1.8.6)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-45556)

Severity

Medium

Classification

CVE-2012-2122 CWE-287

Tags

Missing Update Known Vulnerabilities