CVE-2012-2122
MySQL Authentication Bypass Password Dump
Public Exploits: 10
Exploited in Wild: -
Descriptions
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value. MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service via vectors related to incorrect calculation and a sort order index. Stack-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command. The updated packages have been patched to correct these issues.
Timeline
- 2012-04-04 CVE Reserved
- 2012-06-12 CVE Published
- 2012-06-12 First Exploit
- 2024-08-06 CVE Updated
- 2025-07-04 EPSS Updated
CWE
- CWE-287: Improper Authentication
- CWE-305: Authentication Bypass by Primary Weakness
References (20)
URL | Tag | Source |
---|---|---|
http://kb.askmonty.org/en/mariadb-5162-release-notes | X_refsource_confirm | |
http://secunia.com/advisories/53372 | Third Party Advisory | |
http://securitytracker.com/id?1027143 | Vdb Entry | |
https://www.rapid7.com/blog/post/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql |
URL | Date | SRC |
---|---|---|
https://packetstorm.news/files/id/181221 | 2024-09-01 | |
https://packetstorm.news/files/id/113550 | 2012-06-12 | |
https://www.exploit-db.com/exploits/19092 | 2016-12-05 | |
https://github.com/zhangkaibin0921/CVE-2012-2122 | 2023-12-01 | |
https://github.com/Avinza/CVE-2012-2122-scanner | 2013-05-09 | |
https://github.com/cyberharsh/Oracle-mysql-CVE-2012-2122 | 2020-06-24 | |
http://bugs.mysql.com/bug.php?id=64884 | 2024-08-06 | |
http://www.exploit-db.com/exploits/19092 | 2024-08-06 | |
http://www.securityfocus.com/bid/53911 | 2024-08-06 | |
https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql | 2024-08-06 |
URL | Date | SRC |
---|---|---|
http://seclists.org/oss-sec/2012/q2/493 | 2014-02-21 |
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html | 2014-02-21 | |
http://secunia.com/advisories/49417 | 2014-02-21 | |
http://security.gentoo.org/glsa/glsa-201308-06.xml | 2014-02-21 | |
https://access.redhat.com/security/cve/CVE-2012-2122 | 2012-11-14 | |
https://bugzilla.redhat.com/show_bug.cgi?id=814605 | 2012-11-14 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Oracle | Mysql | 5.1.51 | - | Affected |
Oracle | Mysql | 5.1.52 | - | Affected |
Oracle | Mysql | 5.1.52 | sp1 | Affected |
Oracle | Mysql | 5.1.53 | - | Affected |
Oracle | Mysql | 5.1.54 | - | Affected |
Oracle | Mysql | 5.1.55 | - | Affected |
Oracle | Mysql | 5.1.56 | - | Affected |
Oracle | Mysql | 5.1.57 | - | Affected |
Oracle | Mysql | 5.1.58 | - | Affected |
Oracle | Mysql | 5.1.59 | - | Affected |
Oracle | Mysql | 5.1.60 | - | Affected |
Oracle | Mysql | 5.1.61 | - | Affected |
Oracle | Mysql | 5.5.10 | - | Affected |
Oracle | Mysql | 5.5.11 | - | Affected |
Oracle | Mysql | 5.5.12 | - | Affected |
Oracle | Mysql | 5.5.13 | - | Affected |
Oracle | Mysql | 5.5.14 | - | Affected |
Oracle | Mysql | 5.5.15 | - | Affected |
Oracle | Mysql | 5.5.16 | - | Affected |
Oracle | Mysql | 5.5.17 | - | Affected |
Oracle | Mysql | 5.5.18 | - | Affected |
Oracle | Mysql | 5.5.19 | - | Affected |
Oracle | Mysql | 5.5.20 | - | Affected |
Oracle | Mysql | 5.5.21 | - | Affected |
Oracle | Mysql | 5.6.2 | - | Affected |
Oracle | Mysql | 5.6.3 | - | Affected |
Oracle | Mysql | 5.6.4 | - | Affected |
Oracle | Mysql | 5.6.5 | - | Affected |
Mariadb | Mariadb | 5.1.41 | - | Affected |
Mariadb | Mariadb | 5.1.42 | - | Affected |
Mariadb | Mariadb | 5.1.44 | - | Affected |
Mariadb | Mariadb | 5.1.47 | - | Affected |
Mariadb | Mariadb | 5.1.49 | - | Affected |
Mariadb | Mariadb | 5.1.50 | - | Affected |
Mariadb | Mariadb | 5.1.51 | - | Affected |
Mariadb | Mariadb | 5.1.53 | - | Affected |
Mariadb | Mariadb | 5.1.55 | - | Affected |
Mariadb | Mariadb | 5.1.60 | - | Affected |
Mariadb | Mariadb | 5.1.61 | - | Affected |
Mariadb | Mariadb | 5.2.0 | - | Affected |
Mariadb | Mariadb | 5.2.1 | - | Affected |
Mariadb | Mariadb | 5.2.2 | - | Affected |
Mariadb | Mariadb | 5.2.3 | - | Affected |
Mariadb | Mariadb | 5.2.4 | - | Affected |
Mariadb | Mariadb | 5.2.5 | - | Affected |
Mariadb | Mariadb | 5.2.6 | - | Affected |
Mariadb | Mariadb | 5.2.7 | - | Affected |
Mariadb | Mariadb | 5.2.8 | - | Affected |
Mariadb | Mariadb | 5.2.9 | - | Affected |
Mariadb | Mariadb | 5.2.10 | - | Affected |
Mariadb | Mariadb | 5.2.11 | - | Affected |
Mariadb | Mariadb | 5.3.0 | - | Affected |
Mariadb | Mariadb | 5.3.1 | - | Affected |
Mariadb | Mariadb | 5.3.2 | - | Affected |
Mariadb | Mariadb | 5.3.3 | - | Affected |
Mariadb | Mariadb | 5.3.4 | - | Affected |
Mariadb | Mariadb | 5.3.5 | - | Affected |
Mariadb | Mariadb | 5.3.6 | - | Affected |
Mariadb | Mariadb | 5.5.20 | - | Affected |
Mariadb | Mariadb | 5.5.21 | - | Affected |
Mariadb | Mariadb | 5.5.22 | - | Affected |