Description

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

Remediation

References

CVE-2012-5627

Related Vulnerabilities

Jboss EAP Improper Input Validation Vulnerability (CVE-2010-1871)

WordPress Plugin Broken Link Checker Cross-Site Scripting (1.10.4)

WordPress Plugin WP-Board SQL Injection (1.1)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1914)

MySQL CVE-2019-2778 Vulnerability (CVE-2019-2778)

Severity

Medium

Classification

CVE-2012-5627 CWE-522

Tags

Missing Update Known Vulnerabilities