Description
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 do not modify the salt during multiple executions of the change_user command within the same connection, which makes it easier for remote authenticated users to conduct brute-force password-guessing attacks.
Remediation
References