MySQL Vulnerability Allows Attackers to Bypass Password Verification

Users should upgrade to patched versions of the database as soon as possible.

NetworkWorld: Security researchers have released exploit details for a security vulnerability in MySQL that could allow attackers to access databases without entering a correct password. The vulnerability affects Linux systems that use an SSE-optimized glibc and that are running MySQL. On those systems, an attacker can gain access to the database after entering an incorrect password about 1 out of every 256 times. "300 attempts takes only a fraction of a second, so basically account password protection is as good as nonexistent," noted security expert Sergei Golubchik.

MySQL versions 5.1.63 and 5.5.25, both released in May, fix this vulnerability. Now that exploit code has been made public, IT administrators are encouraged to install the updates as soon as possible.
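To find the servers that still need the update, the version string each server reports can be compared with the fixed release of its series. The following is an added example, not code from the article or from MySQL; the function names and the sample inventory are constructed for illustration, and only the two fixed versions come from the text above.

```python
import re

# Fixed releases named in the article, keyed by release series (major, minor).
FIXED = {(5, 1): (5, 1, 63), (5, 5): (5, 5, 25)}

# First dotted triple in the string; skips two-part numbers such as "14.14".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from a server version string, or None.

    Accepts strings as returned by SELECT VERSION() or `mysqld --version`,
    which may carry vendor or build suffixes after the number.
    """
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def triage(version_text):
    """Classify one server as 'fixed', 'needs-upgrade' or 'unknown'.

    'needs-upgrade' means the version is below the fixed release of its
    series. It does not prove exploitability: the article limits the flaw
    to Linux systems with an SSE-optimized glibc, and a distribution may
    backport a fix without changing the upstream number (assumption; check
    the vendor changelog).
    """
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "unknown"  # series not mentioned in the article: do not guess
    return "fixed" if version >= fixed else "needs-upgrade"


def report(inventory):
    """Map each host in {host: version string} to its triage result."""
    return {host: triage(text) for host, text in inventory.items()}


# Constructed inventory for illustration (hypothetical host names).
SAMPLE_INVENTORY = {
    "db-a": "5.5.24-0ubuntu0.12.04.1-log",
    "db-b": "5.1.63",
    "db-c": "mysqld  Ver 5.1.62 for pc-linux-gnu on x86_64",
    "db-d": "5.6.5-m8",
}

if __name__ == "__main__":
    for host, status in sorted(report(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```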




Tags: MySQL, database, security vulnerabilities

