Percona Server with XtraDB

CVE-2012-5615 security bug

Reported by Martin Arrieta on 2013-04-23
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Percona Server
Status tracked in 5.6
5.1
High
Sergei Glushchenko
5.5
High
Sergei Glushchenko
5.6
High
Sergei Glushchenko

Bug Description

During the initial handshake, the server replies immediately to the incorrect user name with "Access denied". But if the user name is correct, but the authentication mechanism is not - like a short scramble, when a long one is needed, or a plugin should be used - the server might reply "try different auth plugin (or scamble length)".
This allows to detect what user accounts exists in the server.

Tested on 5.5.30-30.2 Percona Server (GPL), Release rel30.2, Revision 508

[root@textbox ~]# perl mysql_userenum.pl localhost wordlist
[*] HIT! -- USER EXISTS: pepe@localhost

More information:

http://seclists.org/fulldisclosure/2012/Dec/9
https://mariadb.atlassian.net/browse/MDEV-3909 <---- Fixed

information type: Private Security → Public
tags: added: security
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers