Description

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

Remediation

References

CVE-2012-5627

Related Vulnerabilities

concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9526)

WordPress Plugin WP Ultimate Exporter SQL Injection (1.1)

WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.23)

WordPress Plugin Backup Migration Remote Code Execution (1.3.7)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4194)

Severity

Medium

Classification

CVE-2012-5627 CWE-522

Tags

Missing Update Known Vulnerabilities