Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Not a member yet? Click here to register.
Forgot Password?

Important: MySQL Vulnerability - NOT PHP-FUSION

Asked Modified Viewed 3,525 times
C
Craig
C
Craig 14
  • Fusioneer, joined since
  • Contributed 4,462 posts on the community forums.
  • Started 212 threads in the forums
  • Started this discussions
asked
Fusioneer

Hi Everyone,

A security flaw was discovered in MySQL's authentication system.

Without going into too much detail, some versions of MySQL will allow a successful login 1 in 256 times regardless of password (the username does seemingly have to be correct). It's within MySQL's authentication system.

Most MySQL installations don't allow root access over the network in a default install (and indeed are recommended not to be enabled), so the username part is still providing some protection.

For more information on the exploit, please see:

http://www.theregister.co.uk/2012/06/11/mysql_mariadb_password_flaw/
https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql

Regards
Fangree_Craig
0 replies

2 posts

H
Homdax
H
Homdax 10
  • Fusioneer, joined since
  • Contributed 2,247 posts on the community forums.
  • Started 108 threads in the forums
answered
Fusioneer

I need this verified and an elaboration on concrete implications for PHPFusion.
0 replies
C
Craig
C
Craig 14
  • Fusioneer, joined since
  • Contributed 4,462 posts on the community forums.
  • Started 212 threads in the forums
  • Started this discussions
answered
Fusioneer

mySQL vulnerabilities up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 ยท OpenSSL Still vulnerable.


http://www.ubuntu.com/usn/usn-1467-1/

http://www.darkreading.com/database-security/167901020/security/news/240001958/expect-a-surge-in-breaches-following-mysql-vulnerability.html
0 replies

Labels

None yet

Statistics

  • Views 0 views
  • Posts 2 posts
  • Votes 0 votes
  • Topic users 2 members

2 participants

H
H
Homdax 10
  • Fusioneer, joined since
  • Contributed 2,247 posts on the community forums.
  • Started 108 threads in the forums
C
C
Craig 14
  • Fusioneer, joined since
  • Contributed 4,462 posts on the community forums.
  • Started 212 threads in the forums
  • Started this discussions

Notifications

Track thread

You are not receiving notifications from this thread.

Related Questions

Not yet