Test Kennung:	1.3.6.1.4.1.25623.1.0.804037
Kategorie:	Databases
Titel:	MariaDB 'COM_CHANGE_USER' Command Insecure Salt Generation Security Bypass Vulnerability
Zusammenfassung:	MariaDB is prone to a security bypass vulnerability.
Beschreibung:	Summary: MariaDB is prone to a security bypass vulnerability. Vulnerability Insight: Flaw that is triggered when a remote attacker attempts to login to a user's account via the COM_CHANGE_USER command. This command fails to properly disconnect the attacker from the server upon a failed login attempt. Vulnerability Impact: Successful exploitation will allow remote attackers to more easily gain access to a user's account via a brute-force attack. Affected Software/OS: MariaDB versions 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 on Windows Solution: Upgrade to MariaDB version 5.2.14, 5.3.12, 5.5.29 or later. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-5627 20121203 MySQL Local/Remote FAST Account Password Cracking http://seclists.org/fulldisclosure/2012/Dec/58 20121205 Re: MySQL Local/Remote FAST Account Password Cracking http://seclists.org/fulldisclosure/2012/Dec/83 53372 http://secunia.com/advisories/53372 GLSA-201308-06 http://security.gentoo.org/glsa/glsa-201308-06.xml MDVSA-2013:102 http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 [oss-security] 20121206 Re: CVE request: Mysql/Mariadb insecure salt-usage http://seclists.org/oss-sec/2012/q4/424 https://bugzilla.redhat.com/show_bug.cgi?id=883719 https://mariadb.atlassian.net/browse/MDEV-3915
Copyright	Copyright (C) 2013 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.