← Back

CVE-2012-2122

nvd nistnuclei
Published: Jun 26, 2012Modified: Apr 29, 2026

JSON object

Loading...
5.1
Vector
AV:N/AC:H/Au:N/C:P/I:P/A:P
Exploitability: 4.9 / Impact: 6.4
Source: NVD

Description

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.

Affected (61)

Products: Oracle: Mysql · Mariadb: Mariadb
Oracle
1 product
Mysql
Mariadb
1 product
Mariadb
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Mysql
Version 5.1.51
Mysql
Version 5.1.52
Mysql
Version 5.1.52 sp1
Mysql
Version 5.1.53
Mysql
Version 5.1.54
Mysql
Version 5.1.55
Mysql
Version 5.1.56
Mysql
Version 5.1.57
Mysql
Version 5.1.58
Mysql
Version 5.1.59
Mysql
Version 5.1.60
Mysql
Version 5.1.61
Configuration B
12 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Mysql
Version 5.5.10
Mysql
Version 5.5.11
Mysql
Version 5.5.12
Mysql
Version 5.5.13
Mysql
Version 5.5.14
Mysql
Version 5.5.15
Mysql
Version 5.5.16
Mysql
Version 5.5.17
Mysql
Version 5.5.18
Mysql
Version 5.5.19
Mysql
Version 5.5.20
Mysql
Version 5.5.21
Configuration C
4 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Mysql
Version 5.6.2
Mysql
Version 5.6.3
Mysql
Version 5.6.4
Mysql
Version 5.6.5
Configuration D
11 vulnerable
Vulnerable SoftwareAffected Versions
Mariadb
Mariadb
Version 5.1.41
Mariadb
Version 5.1.42
Mariadb
Version 5.1.44
Mariadb
Version 5.1.47
Mariadb
Version 5.1.49
Mariadb
Version 5.1.50
Mariadb
Version 5.1.51
Mariadb
Version 5.1.53
Mariadb
Version 5.1.55
Mariadb
Version 5.1.60
Mariadb
Version 5.1.61
Configuration E
12 vulnerable
Vulnerable SoftwareAffected Versions
Mariadb
Mariadb
Version 5.2.0
Mariadb
Version 5.2.10
Mariadb
Version 5.2.11
Mariadb
Version 5.2.1
Mariadb
Version 5.2.2
Mariadb
Version 5.2.3
Mariadb
Version 5.2.4
Mariadb
Version 5.2.5
Mariadb
Version 5.2.6
Mariadb
Version 5.2.7
Mariadb
Version 5.2.8
Mariadb
Version 5.2.9
Configuration F
7 vulnerable
Vulnerable SoftwareAffected Versions
Mariadb
Mariadb
Version 5.3.0
Mariadb
Version 5.3.1
Mariadb
Version 5.3.2
Mariadb
Version 5.3.3
Mariadb
Version 5.3.4
Mariadb
Version 5.3.5
Mariadb
Version 5.3.6
Configuration G
3 vulnerable
Vulnerable SoftwareAffected Versions
Mariadb
Mariadb
Version 5.5.20
Mariadb
Version 5.5.21
Mariadb
Version 5.5.22

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (22)

Source: secalert@redhat.com
Exploit
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Exploit
Source: secalert@redhat.com
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit

Timeline

No history available yet.