The Oracle MySQL sql/password.c in 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and** MariaDB** in 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of thememcmp function.

Impact

This issue may allow remote attackers to bypass authentication by repeatedly attempting to authenticate with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly checked return value.

CPENameOperatorVersion
big-ip afmeq11.3.0
big-ip afmeq11.4.0
big-ip analyticseq11.0.0
big-ip analyticseq11.1.0
big-ip analyticseq11.2.0
big-ip analyticseq11.2.1
big-ip analyticseq11.3.0
big-ip analyticseq11.4.0
big-ip aameq11.4.0
big-ip apmeq10.1.0

Name	Operator	Version
big-ip afm	eq	11.3.0
big-ip afm	eq	11.4.0
big-ip analytics	eq	11.0.0
big-ip analytics	eq	11.1.0
big-ip analytics	eq	11.2.0
big-ip analytics	eq	11.2.1
big-ip analytics	eq	11.3.0
big-ip analytics	eq	11.4.0
big-ip aam	eq	11.4.0
big-ip apm	eq	10.1.0

Rows per page:

1-10 of 2491

canvas 1

securityvulns 2

ubuntucve 1

openvas 23

nessus 21

fedora 4

packetstorm 2

ubuntu 1

checkpoint_advisories 1

prion 1

osv 1

suse 2

seebug 1

metasploit 1

cve 1

amazon 1

thn 1

threatpost 1

veracode 1

f5 1

exploitdb 1

nmap 1

oraclelinux 1

centos 2

redhat 2

debian 1

kitploit 1

gentoo 1

canvas

Immunity Canvas: MYSQL_LOGIN_REMOTE

2012-06-26 18:55:00

securityvulns

[USN-1467-1] MySQL vulnerabilities

2012-06-12 00:00:00

MySQL authentication vulnerability

2012-06-12 00:00:00

ubuntucve

CVE-2012-2122

2012-06-11 00:00:00

openvas

openSUSE: Security Advisory for mysql (openSUSE-SU-2012:0860-1)

2012-12-13 00:00:00

Fedora Update for mysql FEDORA-2012-9308

2012-08-30 00:00:00

Fedora Update for mysql FEDORA-2012-9308

2012-08-30 00:00:00

nessus

openSUSE Security Update : mysql-cluster (openSUSE-SU-2012:0860-1)

2014-06-13 00:00:00

Fedora 16 : mysql-5.5.24-1.fc16 (2012-9324)

2012-06-27 00:00:00

MySQL Authentication Protocol Token Comparison Casting Failure Password Bypass

2012-08-02 00:00:00

fedora

[SECURITY] Fedora 17 Update: mysql-5.5.24-1.fc17

2012-06-17 22:24:29

[SECURITY] Fedora 16 Update: mysql-5.5.24-1.fc16

2012-06-26 21:30:56

[SECURITY] Fedora 17 Update: mysql-5.5.28-2.fc17

2012-12-15 18:00:29

packetstorm

Kartoo Search Engine XSS / Remote File Inclusion

2013-11-19 00:00:00

MySQL Remote Root Authentication Bypass

2012-06-12 00:00:00

ubuntu

MySQL vulnerabilities

2012-06-11 00:00:00

checkpoint_advisories

MySQL and MariaDB Incorrect Cast Policy Bypass - Ver2 (CVE-2012-2122)

2015-03-26 00:00:00

prion

Authentication flaw

2012-06-26 18:55:00

osv

mysql-5.1 - several

2012-06-18 00:00:00

suse

mysql (CVE-2012-2122) (important)

2012-07-11 11:08:34

Security update for MySQL (important)

2012-08-13 19:08:39

seebug

MariaDB/MySQL 概率性任意密码(身份认证)登录漏洞(CVE-2012-2122)

2012-06-11 00:00:00

metasploit

MySQL Authentication Bypass Password Dump

2012-06-17 11:19:53

cve

CVE-2012-2122

2012-06-26 18:55:00

amazon

Important: mysql55

2012-07-05 16:07:00

thn

CVE-2012-2122 : Serious Mysql Authentication Bypass Vulnerability

2012-06-11 07:29:00

threatpost

Trivial Password Flaw Leaves MySQL Databases Exposed

2012-06-11 14:03:23

veracode

Privilege Escalation

2021-08-28 21:30:09

SOL14428 - MySQL vulnerability CVE-2012-2122

2013-05-23 00:00:00

exploitdb

HackBack - A DIY Guide

2016-04-17 00:00:00

nmap

mysql-vuln-cve2012-2122 NSE Script

2012-06-13 06:12:13

oraclelinux

mysql security update

2013-01-22 00:00:00

centos

mysql security update

2013-01-22 21:34:28

mysql security update

2012-11-15 03:44:02

redhat

(RHSA-2013:0180) Important: mysql security update

2013-01-22 00:00:00

(RHSA-2012:1462) Important: mysql security update

2012-11-14 00:00:00

debian

[SECURITY] [DSA 2496-1] mysql-5.1 security update

2012-06-18 20:37:59

kitploit

Jok3R - Network And Web Pentest Framework

2019-01-23 12:25:00

gentoo

MySQL: Multiple vulnerabilities

2013-08-29 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

6.7 Medium

AI Score

Confidence

Low

JSON

Related for F5:K14428