• Close
  • Back to search

    Oracle MySQL Vulnerability: CVE-2012-2122

    Severity CVSS Published Added Modified
    5 (AV:N/AC:H/Au:N/C:P/I:P/A:P) June 25, 2012 August 25, 2012 February 12, 2015

    Available Exploits 

    Description

    sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.

    Free Nexpose Download

    Discover, prioritize, and remediate security risks today!

     Download now

    References

    Solution

    mysql-upgrade-5_1_63

    Related Vulnerabilities