MySQL password weakness

2009-05-11T00:00:00
ID SAINT:721D05FE29C8D66A4F49DB8792688AA8
Type saint
Reporter SAINT Corporation
Modified 2009-05-11T00:00:00

Description

Added: 05/11/2009

Background

MySQL is an open-source database software package available for multiple platforms.

Problem

A MySQL database account has no password or an easily guessed password, allowing a remote attacker to make unauthorized queries.

Resolution

Set a strong password for all MySQL accounts.
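The following audit and remediation statements are an added example, not part of the SAINT advisory. They assume the MySQL 5.0-era grant table layout described in the referenced manual (hash stored in mysql.user.Password); the account names and the password placeholder are constructed for illustration.

```sql
-- Run from the mysql client as an administrative account.
-- Assumption: MySQL 5.0-style grant tables (mysql.user.Password column).

-- 1. List accounts that can authenticate with no password.
SELECT User, Host
FROM mysql.user
WHERE Password = ''
ORDER BY User, Host;

-- 2. List anonymous accounts (empty user name). Default installations
--    of this era may create these with no password.
SELECT Host
FROM mysql.user
WHERE User = '';

-- 3. List accounts that accept connections from any host, which is
--    what makes a missing or weak password remotely reachable.
SELECT User, Host
FROM mysql.user
WHERE Host = '%' OR Host = '';

-- 4. Set a strong password on each account found in step 1.
--    'root'@'localhost' is an example account; repeat per User/Host pair.
--    Replace the placeholder with a long, random, unique value.
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('<strong-unique-password>');

-- 5. Remove anonymous accounts found in step 2 instead of keeping them.
--    ''@'localhost' is an example; use the Host values step 2 returned.
DROP USER ''@'localhost';

-- 6. Verify: this count must be 0 when remediation is complete.
SELECT COUNT(*) AS passwordless_accounts
FROM mysql.user
WHERE Password = '';
```

On MySQL 5.7.6 and later the hash is stored in mysql.user.authentication_string and passwords are changed with ALTER USER ... IDENTIFIED BY, so adjust the column name and step 4 accordingly.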

References

<http://dev.mysql.com/doc/refman/5.0/en/default-privileges.html>
<http://dev.mysql.com/doc/refman/5.0/en/user-names.html>

Limitations

The mysql client program is required.

If successful, this exploit returns an SQL command shell, not an operating system command shell.