CVE 2012-5615
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
Related bugs and status
CVE-2012-5615 (Candidate) is related to these bugs:
Bug #1171941: CVE-2012-5615 security bug
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1171941 | CVE-2012-5615 security bug | Percona Server moved to https://jira.percona.com/projects/PS | High | Fix Released | ||
1171941 | CVE-2012-5615 security bug | Percona Server moved to https://jira.percona.com/projects/PS 5.1 | High | Invalid | ||
1171941 | CVE-2012-5615 security bug | Percona Server moved to https://jira.percona.com/projects/PS 5.5 | High | Fix Released | ||
1171941 | CVE-2012-5615 security bug | Percona Server moved to https://jira.percona.com/projects/PS 5.6 | High | Fix Released |
Bug #1475294: mysql 5.5.44, 5.6.25 security update tracking bug
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1475294 | mysql 5.5.44, 5.6.25 security update tracking bug | mysql-5.5 (Ubuntu) | Undecided | Invalid | ||
1475294 | mysql 5.5.44, 5.6.25 security update tracking bug | mysql-5.5 (Ubuntu Utopic) | Medium | Fix Released | ||
1475294 | mysql 5.5.44, 5.6.25 security update tracking bug | mysql-5.5 (Ubuntu Trusty) | Medium | Fix Released | ||
1475294 | mysql 5.5.44, 5.6.25 security update tracking bug | mysql-5.5 (Ubuntu Precise) | Medium | Fix Released | ||
1475294 | mysql 5.5.44, 5.6.25 security update tracking bug | mysql-5.6 (Ubuntu) | Medium | Fix Released | ||
1475294 | mysql 5.5.44, 5.6.25 security update tracking bug | mysql-5.6 (Ubuntu Precise) | Undecided | Invalid | ||
1475294 | mysql 5.5.44, 5.6.25 security update tracking bug | mysql-5.6 (Ubuntu Trusty) | Undecided | Confirmed | ||
1475294 | mysql 5.5.44, 5.6.25 security update tracking bug | mysql-5.6 (Ubuntu Utopic) | Undecided | Confirmed | ||
1475294 | mysql 5.5.44, 5.6.25 security update tracking bug | mysql-5.5 (Ubuntu Wily) | Undecided | Invalid | ||
1475294 | mysql 5.5.44, 5.6.25 security update tracking bug | mysql-5.6 (Ubuntu Wily) | Medium | Fix Released | ||
1475294 | mysql 5.5.44, 5.6.25 security update tracking bug | mysql-5.5 (Ubuntu Vivid) | Undecided | Invalid | ||
1475294 | mysql 5.5.44, 5.6.25 security update tracking bug | mysql-5.6 (Ubuntu Vivid) | Medium | Fix Released |
See the
CVE page on Mitre.org
for more details.