CVE-2012-5627
Oracle MySQL / MariaDB - Insecure Salt Generation Security Bypass
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 3
Exploited in Wild: -
Decision
Descriptions
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 do not modify the salt during multiple executions of the change_user command within the same connection, which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 5.1.70 are affected.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2012-10-24 CVE Reserved
- 2012-12-06 First Exploit
- 2013-08-29 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-522: Insufficiently Protected Credentials
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://seclists.org/oss-sec/2012/q4/424 | Mailing List | |
http://secunia.com/advisories/53372 | Not Applicable | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/38109 | 2012-12-06 | |
http://seclists.org/fulldisclosure/2012/Dec/58 | 2024-08-06 | |
http://seclists.org/fulldisclosure/2012/Dec/83 | 2024-08-06 | |

URL | Date | SRC |
---|---|---|
http://security.gentoo.org/glsa/glsa-201308-06.xml | 2022-08-29 | |
https://bugzilla.redhat.com/show_bug.cgi?id=883719 | 2022-08-29 | |

URL | Date | SRC |
---|---|---|
http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | 2022-08-29 | |
https://mariadb.atlassian.net/browse/MDEV-3915 | 2022-08-29 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Oracle | Mysql | >= 5.5.0 < 5.5.29 | - | Affected |
Mariadb | Mariadb | >= 5.2.0 < 5.2.14 | - | Affected |
Mariadb | Mariadb | >= 5.3.0 < 5.3.12 | - | Affected |
Mariadb | Mariadb | >= 5.5.0 < 5.5.29 | - | Affected |
Mariadb | Mariadb | 10.0.0 | - | Affected |