Oracle MySQL 5.5.38 and previous versions, 5.6.19 and previous versions, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote malicious users to enumerate valid usernames.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mariadb mariadb 5.5.28a |
||
oracle mysql 5.5.19 |
||
mariadb mariadb 5.2.13 |
||
mariadb mariadb 5.1.66 |
||
mariadb mariadb 5.3.11 |