Immunity Canvas: MYSQL_AUTH_BYPASS

2004-12-06T05:00:00
ID MYSQL_AUTH_BYPASS
Type canvas
Reporter Immunity Canvas
Modified 2004-12-06T05:00:00

Description

Name| mysql_auth_bypass
---|---
CVE| CVE-2004-0627
Exploit Pack| CANVAS
Description| MySQL authentication bypass
Notes| CVE Name: CVE-2004-0627
OSVDB: http://www.osvdb.org/displayvuln.php?osvdb_id=7475
Notes:
Mysql authentication can be bypass by a special crafted password with zeroed-strings password. Note
that the version 4.1.3 should really be treated as 4.1.03 and can be misleading when testing against
a server that has a version number of say 4.1.20.

Date public: 07/2004
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0627
CVSS: 10.0