CVE-2012-5627

Published: Oct 1, 2013Modified: Apr 29, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

Affected (5)

Products: Oracle: Mysql · Mariadb: Mariadb

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Mysql	From 5.5.0 to 5.5.29

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Mariadb Mariadb	From 5.2.0 to 5.2.14
Mariadb Mariadb	From 5.3.0 to 5.3.12
Mariadb Mariadb	From 5.5.0 to 5.5.29
Mariadb Mariadb	Version 10.0.0

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (16)

http://seclists.org/fulldisclosure/2012/Dec/58

Source: secalert@redhat.com

ExploitMailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2012/Dec/83

Source: secalert@redhat.com

ExploitMailing ListThird Party Advisory

http://seclists.org/oss-sec/2012/q4/424

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://secunia.com/advisories/53372

Source: secalert@redhat.com

Not Applicable

http://security.gentoo.org/glsa/glsa-201308-06.xml

Source: secalert@redhat.com

PatchThird Party AdvisoryVDB Entry

http://www.mandriva.com/security/advisories?name=MDVSA-2013:102

Source: secalert@redhat.com

Broken Link

https://bugzilla.redhat.com/show_bug.cgi?id=883719

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://mariadb.atlassian.net/browse/MDEV-3915

Source: secalert@redhat.com

Broken LinkVendor Advisory

http://seclists.org/fulldisclosure/2012/Dec/58

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2012/Dec/83

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

http://seclists.org/oss-sec/2012/q4/424

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://secunia.com/advisories/53372

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

http://security.gentoo.org/glsa/glsa-201308-06.xml

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryVDB Entry

http://www.mandriva.com/security/advisories?name=MDVSA-2013:102

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://bugzilla.redhat.com/show_bug.cgi?id=883719

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://mariadb.atlassian.net/browse/MDEV-3915

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

Timeline

No history available yet.