QwikSec

Security Database

CVE

CWE

Training

CVE-2012-2122

Published: Jun 26, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://bugs.mysql.com/bug.php?id=64884

x_refsource_MISC

vdb-entry

x_refsource_BID

exploit

x_refsource_EXPLOIT-DB

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_GENTOO

SUSE-SU-2012:0984

vendor-advisory

x_refsource_SUSE

https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql

x_refsource_MISC

vdb-entry

x_refsource_SECTRACK

third-party-advisory

x_refsource_SECUNIA

[oss-security] 20120609 Security vulnerability in MySQL/MariaDB sql/password.c

mailing-list

x_refsource_MLIST

http://kb.askmonty.org/en/mariadb-5162-release-notes/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.