CVE-2002-1374

MySQL vulnerable in 3.x up to 3.23.53/3.23.53a and 4.x up to 4.0.5a, where the COM_CHANGE_USER command allows remote attackers to gain privileges via a brute-force, one-character password, because MySQL only compares the provided password against the first character of the real password. The issu...

CVE-2002-1374

The COMCHANGEUSER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password...