Description

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

Remediation

References

CVE-2012-5627

Related Vulnerabilities

WordPress Plugin WooCommerce Unspecified Vulnerability (3.9.1)

SharePoint Out-of-bounds Write Vulnerability (CVE-2018-0792)

WordPress Plugin Drag and Drop Multiple File Upload-Contact Form 7 Arbitrary File Upload (1.3.3.2)

WordPress Plugin SAML SP Single Sign On-SSO login Cross-Site Scripting (4.8.72)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-7076)

Severity

Medium

Classification

CVE-2012-5627 CWE-522

Tags

Missing Update Known Vulnerabilities