MySQL AB ODBC Driver 3.51 Plain Text Password Vulnerability

2003-07-22T00:00:00
ID EDB-ID:22946
Type exploitdb
Reporter hanez
Modified 2003-07-22T00:00:00

Description

MySQL AB ODBC Driver 3.51 Plain Text Password Vulnerability. Local exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/8245/info

A vulnerability has been reported in the MySQL AB ODBC (Open Data Base Connectivity) driver implementation. The MySQL ODBC driver reportedly stores plain text credentials used to connect to the specified database in the system registry.

These credentials may be disclosed and used to connect to the target database.

Other ODBC drivers may also be prone to the same issue, though this is not confirmed.

[HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI\TESTDSN]
"Driver"="C:\\WINDOWS\\System32\\myodbc3.dll"
"Description"="MySQL ODBC 3.51 Driver DSN"
"Database"="test"
"Server"="192.168.0.1"
"User"="user_name"
"Password"="plain_password"
"Port"="3306"
"Option"="3"
"Stmt"=""