
Oracle MySQL Vulnerability: CVE-2012-2122

Severity: 5
CVSS: (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Published: June 25, 2012
Added: August 25, 2012
Modified: February 12, 2015

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
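
One way a memcmp-style return value can be improperly checked, as an added C example (not code from MySQL, MariaDB or this page): narrowing the int result to a one-byte boolean makes some mismatches read as a match. The names `my_bool`, `wide_memcmp`, `check_truncating`, `check_fixed` and the 2-byte token are assumptions constructed for illustration.

```c
#include <stdio.h>

typedef char my_bool;   /* assumed one-byte boolean; 0 means "tokens match" */
typedef my_bool (*check_fn)(const unsigned char *, const unsigned char *, size_t);

/* Hypothetical stand-in for an optimized memcmp: compares 16-bit big-endian
   words and returns their difference, so results fall outside -128..127.
   The C standard only fixes the sign of memcmp's result. n must be even. */
static int wide_memcmp(const unsigned char *a, const unsigned char *b, size_t n)
{
    for (size_t i = 0; i + 1 < n; i += 2) {
        int wa = (a[i] << 8) | a[i + 1];
        int wb = (b[i] << 8) | b[i + 1];
        if (wa != wb)
            return wa - wb;
    }
    return 0;
}

/* Flawed pattern: the int is narrowed to one byte, so any nonzero result
   that is a multiple of 256 becomes 0 and reads as "match". */
static my_bool check_truncating(const unsigned char *exp, const unsigned char *got, size_t n)
{
    return (my_bool)wide_memcmp(exp, got, n);
}

/* Corrected pattern: reduce the result to 0/1 before narrowing. */
static my_bool check_fixed(const unsigned char *exp, const unsigned char *got, size_t n)
{
    return (my_bool)(wide_memcmp(exp, got, n) != 0);
}

/* Count how many of the 65535 wrong 2-byte tokens a check accepts. */
static int accepted_wrong_tokens(check_fn check)
{
    const unsigned char expected[2] = { 0x5a, 0xc3 };   /* constructed sample */
    int accepted = 0;
    for (int v = 0; v < 65536; v++) {
        unsigned char got[2] = { (unsigned char)(v >> 8), (unsigned char)v };
        if ((got[0] != expected[0] || got[1] != expected[1]) && check(expected, got, 2) == 0)
            accepted++;
    }
    return accepted;
}

int main(void)
{
    printf("truncating: %d wrong tokens accepted, fixed: %d\n",
           accepted_wrong_tokens(check_truncating), accepted_wrong_tokens(check_fixed));
}
```

With a comparison routine that only ever returns -1, 0 or 1, the truncating check behaves correctly, which is why the advisory limits the exposure to certain memcmp implementations.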
