ID de Prueba:	1.3.6.1.4.1.25623.1.0.804037
Categoría:	Databases
Título:	MariaDB 'COM_CHANGE_USER' Command Insecure Salt Generation Security Bypass Vulnerability
Resumen:	MariaDB is prone to a security bypass vulnerability.
Descripción:	Summary: MariaDB is prone to a security bypass vulnerability. Vulnerability Insight: Flaw that is triggered when a remote attacker attempts to login to a user's account via the COM_CHANGE_USER command. This command fails to properly disconnect the attacker from the server upon a failed login attempt. Vulnerability Impact: Successful exploitation will allow remote attackers to more easily gain access to a user's account via a brute-force attack. Affected Software/OS: MariaDB versions 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 on Windows Solution: Upgrade to MariaDB version 5.2.14, 5.3.12, 5.5.29 or later. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-5627 20121203 MySQL Local/Remote FAST Account Password Cracking http://seclists.org/fulldisclosure/2012/Dec/58 20121205 Re: MySQL Local/Remote FAST Account Password Cracking http://seclists.org/fulldisclosure/2012/Dec/83 53372 http://secunia.com/advisories/53372 GLSA-201308-06 http://security.gentoo.org/glsa/glsa-201308-06.xml MDVSA-2013:102 http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 [oss-security] 20121206 Re: CVE request: Mysql/Mariadb insecure salt-usage http://seclists.org/oss-sec/2012/q4/424 https://bugzilla.redhat.com/show_bug.cgi?id=883719 https://mariadb.atlassian.net/browse/MDEV-3915
Copyright	Copyright (C) 2013 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.