4 matches found
MySQL Zero-length Scrambled String Crafted Packet Authentication Bypass
A bug in the version of MySQL running on the remote host allows a remote attacker to bypass the password authentication mechanism using a specially crafted packet with a zero-length scramble buff string. An attacker with knowledge of an existing account defined to the affected service can leverag...
FreeBSD Ports: mysql-server
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Immunity Canvas: MYSQL_AUTH_BYPASS
Name| mysqlauthbypass ---|--- CVE| CVE-2004-0627 Exploit Pack| CANVAS Description| MySQL authentication bypass Notes| CVE Name: CVE-2004-0627 OSVDB: http://www.osvdb.org/displayvuln.php?osvdbid=7475 Notes: Mysql authentication can be bypass by a special crafted password with zeroed-strings...
CVE-2004-0627
CVE-2004-0627 affects MySQL 4.1.x (before 4.1.3) and 5.0. A vulnerability in the check_scramble_323 function allows a remote attacker to bypass authentication by sending a zero-length scrambled string, enabling login to a valid account. The issue is exploitable over the network and is documented ...