CVE-2012-2122

Published: 26/06/2012 Updated: 21/02/2014
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
VMScore: 532
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

sql/password.c in Oracle MySQL 5.1.x prior to 5.1.63, 5.5.x prior to 5.5.24, and 5.6.x prior to 5.6.6, and MariaDB 5.1.x prior to 5.1.62, 5.2.x prior to 5.2.12, 5.3.x prior to 5.3.6, and 5.5.x prior to 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote malicious users to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
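The improperly checked return value described above, shown as an added illustration that is not code from this page or from the MySQL/MariaDB sources. It assumes my_bool is a one-byte type (a char typedef, as in the affected sources) and uses a constructed word-at-a-time comparison routine, word_memcmp(), as a stand-in for a memcmp implementation that can return a non-zero value whose low byte is zero; the vulnerable narrowing conversion is placed beside the fixed check.

```c
#include <stddef.h>

/* In the affected sources my_bool was a typedef for char; modelled the same way here. */
typedef char my_bool;

/* Constructed stand-in (not libc's memcmp) for an optimised memcmp that compares
 * two bytes at a time and returns the numeric difference of the first mismatching
 * 16-bit word. A mismatch only in the high byte of a word yields a multiple of 256. */
static int word_memcmp(const unsigned char *a, const unsigned char *b, size_t n)
{
    size_t i;
    for (i = 0; i + 1 < n; i += 2) {
        int wa = a[i] | (a[i + 1] << 8);
        int wb = b[i] | (b[i + 1] << 8);
        if (wa != wb)
            return wa - wb;
    }
    return (i < n) ? (int)a[i] - (int)b[i] : 0;
}

/* Vulnerable pattern: the int result is narrowed to a one-byte my_bool, so any non-zero
 * difference whose low 8 bits are zero (256, -256, 512, ...) reads as 0 = "token matches". */
static my_bool token_mismatch_vulnerable(const unsigned char *expected,
                                         const unsigned char *got, size_t n)
{
    return word_memcmp(expected, got, n);      /* int -> char truncation */
}

/* Fixed pattern: test the comparison result against zero before narrowing it. */
static my_bool token_mismatch_fixed(const unsigned char *expected,
                                    const unsigned char *got, size_t n)
{
    return word_memcmp(expected, got, n) != 0;
}

/* Constructed 4-byte tokens differing only in byte 1 (high byte of the first word):
 * word_memcmp() returns 0x2010 - 0x2110 = -256, whose low byte is zero. */
static const unsigned char TOKEN_EXPECTED[4] = { 0x10, 0x20, 0x30, 0x40 };
static const unsigned char TOKEN_WRONG[4]    = { 0x10, 0x21, 0x30, 0x40 };

/* 1 if the vulnerable check would accept TOKEN_WRONG as valid, 0 otherwise. */
int vulnerable_accepts_wrong_token(void)
{
    return token_mismatch_vulnerable(TOKEN_EXPECTED, TOKEN_WRONG, 4) == 0;
}
/* 1 if the fixed check would accept TOKEN_WRONG as valid, 0 otherwise. */
int fixed_accepts_wrong_token(void)
{
    return token_mismatch_fixed(TOKEN_EXPECTED, TOKEN_WRONG, 4) == 0;
}
```

With a libc memcmp that only ever returns -1, 0 or 1 the narrowing is harmless, which is why the advisory limits the bug to "certain implementations of the memcmp function".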

Vulnerable Products

oracle mysql 5.1.54
oracle mysql 5.1.55
oracle mysql 5.1.60
oracle mysql 5.1.61
oracle mysql 5.1.52
oracle mysql 5.1.53
oracle mysql 5.1.58
oracle mysql 5.1.59
oracle mysql 5.1.51
oracle mysql 5.1.56
oracle mysql 5.1.57
oracle mysql 5.5.20
oracle mysql 5.5.19
oracle mysql 5.5.11
oracle mysql 5.5.10
oracle mysql 5.5.18
oracle mysql 5.5.17
oracle mysql 5.5.16
oracle mysql 5.5.15
oracle mysql 5.5.14
oracle mysql 5.5.21
oracle mysql 5.5.13
oracle mysql 5.5.12
oracle mysql 5.6.2
oracle mysql 5.6.3
oracle mysql 5.6.4
oracle mysql 5.6.5
mariadb mariadb 5.1.61
mariadb mariadb 5.1.60
mariadb mariadb 5.1.44
mariadb mariadb 5.1.42
mariadb mariadb 5.1.55
mariadb mariadb 5.1.53
mariadb mariadb 5.1.41
mariadb mariadb 5.1.51
mariadb mariadb 5.1.50
mariadb mariadb 5.1.49
mariadb mariadb 5.1.47
mariadb mariadb 5.2.5
mariadb mariadb 5.2.6
mariadb mariadb 5.2.0
mariadb mariadb 5.2.7
mariadb mariadb 5.2.8
mariadb mariadb 5.2.1
mariadb mariadb 5.2.2
mariadb mariadb 5.2.9
mariadb mariadb 5.2.10
mariadb mariadb 5.2.3
mariadb mariadb 5.2.4
mariadb mariadb 5.2.11
mariadb mariadb 5.3.0
mariadb mariadb 5.3.1
mariadb mariadb 5.3.2
mariadb mariadb 5.3.3
mariadb mariadb 5.3.4
mariadb mariadb 5.3.5
mariadb mariadb 5.3.6
mariadb mariadb 5.5.22
mariadb mariadb 5.5.21
mariadb mariadb 5.5.20

Vendor Advisories

Synopsis: Important: mysql security update. Type/Severity: Security Advisory: Important. Topic: Updated mysql packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Sco ...
Debian Bug report logs - #677018 mysql-5.1: CVE-2012-2122: MySQL authentication bypass. Package: mysql-5.1; Maintainer for mysql-5.1 is (unknown); Reported by: Henri Salo <henri@nerv.fi>; Date: Mon, 11 Jun 2012 08:09:02 UTC; Severity: serious; Tags: security; Found in version 5.1.61-0+squeeze1; Fixed in version 5.1.62-1+rm; Don ...
Due to the non-disclosure of security patch information from Oracle, we are forced to ship an upstream version update of MySQL 5.1. There are several known incompatible changes, which are listed in /usr/share/doc/mysql-server/NEWS.Debian.gz. Several issues have been discovered in the MySQL database server. The vulnerabilities are addresse ...
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly a ...

Exploits

#!/usr/bin/python # # # This has to be the easiest "exploit" ever. Seriously. Embarrassed to submit this a little # # Title: MySQL Remote Root Authentication Bypass # Written by: Dave Kennedy (ReL1K) # www.secmaniac.com # # Original advisory here: seclists.org/oss-sec/2012/q2/493 import subprocess ipaddr = raw_input("Enter the IP address of ...
Kartoo Search Engine suffers from information disclosure, cross site scripting, and remote file inclusion vulnerabilities ...
MySQL remote root authentication bypass exploit ...

Nmap Scripts

mysql-vuln-cve2012-2122

Attempts to bypass authentication in MySQL and MariaDB servers by exploiting CVE-2012-2122. If it is vulnerable, it will also attempt to dump the MySQL usernames and password hashes.

PORT     STATE SERVICE REASON
3306/tcp open  mysql   syn-ack
| mysql-vuln-cve2012-2122:
|   VULNERABLE:
|   Authentication bypass in MySQL servers.
|     State: VULNERABLE
|     IDs:  CVE:CVE-2012-2122
|     Description:
|       When a user connects to MariaDB/MySQL, a token (SHA
|       over a password and a random scramble string) is calculated and compared
|       with the expected value. Because of incorrect casting, it might've
|       happened that the token and the expected value were considered equal,
|       even if the memcmp() returned a non-zero value. In this case
|       MySQL/MariaDB would think that the password is correct, even while it is
|       not.  Because the protocol uses random strings, the probability of
|       hitting this bug is about 1/256.
|       Which means, if one knows a user name to connect (and "root" almost
|       always exists), she can connect using *any* password by repeating
|       connection attempts. ~300 attempts takes only a fraction of second, so
|       basically account password protection is as good as nonexistent.
|
|     Disclosure date: 2012-06-9
|     Extra information:
|       Server granted access at iteration #204
|     root:*9CFBBC772F3F6C106020035386DA5BBBF1249A11
|     debian-sys-maint:*BDA9386EE35F7F326239844C185B01E3912749BF
|     phpmyadmin:*9CFBBC772F3F6C106020035386DA5BBBF1249A11
|     References:
|       https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql
|       http://seclists.org/oss-sec/2012/q2/493
|_      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2122

nmap -p3306 --script mysql-vuln-cve2012-2122 <target>
nmap -sV --script mysql-vuln-cve2012-2122 <target>

Github Repositories

MySQL authentication bypass vulnerability (CVE-2012-2122). When connecting to MariaDB/MySQL, the entered password is compared with the expected correct password; because of incorrect handling, MySQL considers the two passwords identical even when memcmp() returns a non-zero value. In other words, as long as the user name is known, repeated attempts allow logging straight into the SQL database. Affected versions: MariaDB versions from

NSX-T IDS with Network Container Plugin. The repository contains the Kubernetes manifests for the deployment of an old Drupal (7.0), PHP (5.6), MySQL (5.0) setup. The Drupal 7.0 container image is built from the provided Dockerfile. There are some CVEs that will trigger alarms on the IDS: MySQL DELETE tbl_name heap buffer overflow (CVE-2012-5612), Drupal 7 Preauth SQL Injection (CVE

NMAP Nse Scripts

NMAP Scripting Engine custom scripts mysql-auth-bypass - checks to see whether or not a MySQL database is vulnerable to CVE-2012-2122

NMAP Scripting Engine Scripts

NMAP Scripting Engine custom scripts mysql-auth-bypass - checks to see whether or not a MySQL database is vulnerable to CVE-2012-2122

MySQL authentication bypass vulnerability (CVE-2012-2122). Vulnerability description: when connecting to MariaDB/MySQL, the entered password should be compared with the correct password, but because of incorrect handling MySQL treats the two passwords as identical even when memcmp() returns a non-zero value. In other words, if the user name is known, keep trying

🐳 Building and verifying vulnerable environments with docker-compose (Vulhub, Korean edition)

Korean Vulhub (Korean edition). A collaborative project based on Vulhub (vulhub.org/) that aims to translate it into Korean and add content. Contributions come from the first cohort of the White Hat School, a next-generation security leader training program. Table of Contents: Flask SSTI | Server Side Template Injection / 신경방 (@positiveWand); MySQL CVE-201