WEB APPLICATION VULNERABILITIES Standard & Premium

MySQL Insufficiently Protected Credentials Vulnerability (CVE-2012-5627)

Description

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

Remediation

References

Related Vulnerabilities

WordPress Plugin xili-language Multiple Unspecified Vulnerabilities (2.17.0)

WordPress Plugin pootle button Cross-Site Scripting (1.1.1)

Oracle Database Server CVE-2012-1708 Vulnerability (CVE-2012-1708)

WordPress Plugin Super Logos Showcase for WordPress Arbitrary File Upload (2.2)

Internet Information Services Other Vulnerability (CVE-2002-0075)

Severity

Medium

Classification

CVE-2012-5627 CWE-522

Tags

Missing Update Known Vulnerabilities