dcsimg

MySQL Vulnerability Allows Attackers to Bypass Password Verification

SHARE
Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
Email  

NetworkWorld: Security researchers have released exploit details for a security vulnerability in MySQL that could allow attackers to access databases without entering a correct password. The vulnerability affects Linux systems that use an SSE-optimized glibc and that are running MySQL. On those systems, an attacker can gain access to the database after entering an incorrect password about 1 out of every 256 times. "300 attempts takes only a fraction of second, so basically account password protection is as good as nonexistent," noted security expert Sergei Golubchik.

The MySQL patches numbered 5.1.63 and 5.5.25, both released in May, address this security vulnerability. Now that exploit code has been made public, IT administrators are encouraged to install the updates as soon as possible.

Submit a Comment

Loading Comments...

NewsletterDATAMATION DAILY NEWSLETTER

SUBSCRIBE TO OUR IT MANAGEMENT NEWSLETTER