Oracle MySQL and MariaDB 5.5.x prior to 5.5.29, 5.3.x prior to 5.3.12, and 5.2.x prior to 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle mysql |
||
mariadb mariadb 10.0.0 |
||
mariadb mariadb |