Important: MySQL Vulnerability - NOT PHP-FUSION: The Chill Out Zone

Home
Search

Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.

Hi Everyone,

A security flaw was discovered in MySQL's authentication system.

Without going into too much detail, some versions of MySQL will allow a successful login 1 in 256 times regardless of password (the username does seemingly have to be correct). It's within MySQL's authentication system.

Most MySQL installations don't allow root access over the network in a default install (and indeed are recommended not to be enabled), so the username part is still providing some protection.

For more information on the exploit, please see:

http://www.theregister.co.uk/2012/06/11/mysql_mariadb_password_flaw/
https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql

Regards
Fangree_Craig

0 replies

I need this verified and an elaboration on concrete implications for PHPFusion.

0 replies

mySQL vulnerabilities up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 · OpenSSL Still vulnerable.

http://www.ubuntu.com/usn/usn-1467-1/

http://www.darkreading.com/database-security/167901020/security/news/240001958/expect-a-surge-in-breaches-following-mysql-vulnerability.html

0 replies

Category Forum

Announcements & Security Issues

Labels

None yet

Statistics

Views 0 views
Posts 2 posts
Votes 0 votes
Topic users 2 members

2 participants

Notifications

Track thread

You are not receiving notifications from this thread.

Important: MySQL Vulnerability - NOT PHP-FUSION

2 posts

PHPFusion

Resources

Community

Development