MariaDB 'COM_CHANGE_USER' Command Insecure Salt Generation Security Bypass Vulnerability - Linux

MariaDB is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb";...

MySQL 3.23.x/4.0.x COM_CHANGE_USER Password Length Account Compromise Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6373/info A flaw in the password authentication mechanism for MySQL may make it possible for an authenticated database user to compromise the accounts of other database users. The flaw lies in the fact that the server use...

MySQL 3.23.x/4.0.x COM_CHANGE_USER Password Memory Corruption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6375/info MySQL is prone to a memory corruption vulnerability in the COMCHANGEUSER command. Due to a lack of sufficient bounds checking for client responses to password authentication challenges, it may be possible to...

MySQL Server COM_CHANGE_USER Command Security Bypass

The installed version of MySQL may be affected by a security bypass vulnerability because the salt used during password validation does not change when switching users with the 'COMCHANGEUSER' command. Additionally, the connection is not reset when invalid credentials are submitted. Normally, whe...

MariaDB 'COM_CHANGE_USER' Command Insecure Salt Generation Security Bypass Vulnerability

MariaDB is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb";...

CVE-2002-1374

MySQL vulnerable in 3.x up to 3.23.53/3.23.53a and 4.x up to 4.0.5a, where the COM_CHANGE_USER command allows remote attackers to gain privileges via a brute-force, one-character password, because MySQL only compares the provided password against the first character of the real password. The issu...

CVE-2002-1375

The COMCHANGEUSER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response...

CVE-2002-1374

The COMCHANGEUSER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password...

MySQL 3.23.x4.0.x - COM_CHANGE_USER Password Length Account

MySQL 3.23.x4.0.x - COMCHANGEUSER Password Length Account / source: https://www.securityfocus.com/bid/6373/info A flaw in the password authentication mechanism for MySQL may make it possible for an authenticated database user to compromise the accounts of other database users. The flaw lies in th...

MySQL 3.23.x/4.0.x - 'COM_CHANGE_USER' Password Length Account

/ source: https://www.securityfocus.com/bid/6373/info A flaw in the password authentication mechanism for MySQL may make it possible for an authenticated database user to compromise the accounts of other database users. The flaw lies in the fact that the server uses a string returned by the clien...

MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Memory Corruption

source: https://www.securityfocus.com/bid/6375/info MySQL is prone to a memory corruption vulnerability in the COMCHANGEUSER command. Due to a lack of sufficient bounds checking for client responses to password authentication challenges, it may be possible to corrupt sensitive regions of memory. ...

MySQL 3.23.x4.0.x - COM_CHANGE_USER Password Memory Corruption

MySQL 3.23.x4.0.x - COMCHANGEUSER Password Memory Corruption source: https://www.securityfocus.com/bid/6375/info MySQL is prone to a memory corruption vulnerability in the COMCHANGEUSER command. Due to a lack of sufficient bounds checking for client responses to password authentication challenges...