Main Vulnerability Database Exploits ID:4036 - Exploit for Credentials management in MariaDB - CVE-2012-5627

ID:4036 - Exploit for Credentials management in MariaDB - CVE-2012-5627

Published: August 11, 2020

Vulnerability identifier: #VU42510

Vulnerability risk: Low

CVE-ID: CVE-2012-5627

CWE-ID: CWE-255

Exploitation vector: Remote access

Vulnerable software:
MariaDB

Link to public exploit:

https://www.exploit-db.com/exploits/38109/

Vulnerability description

The vulnerability allows a remote #AU# to gain access to sensitive information.

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

Remediation

Install update from vendor's website.

ID:4036 - Exploit for Credentials management in MariaDB - CVE-2012-5627

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human