Vulnerability Details CVE-2012-5627
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.114
EPSS Ranking 95.4%
CVSS Severity
CVSS v2 Score 4.0
References
- http://seclists.org/fulldisclosure/2012/Dec/58
- http://seclists.org/fulldisclosure/2012/Dec/83
- http://seclists.org/oss-sec/2012/q4/424
- http://secunia.com/advisories/53372
- http://security.gentoo.org/glsa/glsa-201308-06.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:102
- https://bugzilla.redhat.com/show_bug.cgi?id=883719
- https://mariadb.atlassian.net/browse/MDEV-3915
- http://seclists.org/fulldisclosure/2012/Dec/58
- http://seclists.org/fulldisclosure/2012/Dec/83
- http://seclists.org/oss-sec/2012/q4/424
- http://secunia.com/advisories/53372
- http://security.gentoo.org/glsa/glsa-201308-06.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:102
- https://bugzilla.redhat.com/show_bug.cgi?id=883719
- https://mariadb.atlassian.net/browse/MDEV-3915
Products affected by CVE-2012-5627
-
cpe:2.3:a:mariadb:mariadb:10.0.0
-
cpe:2.3:a:mariadb:mariadb:5.2.0
-
cpe:2.3:a:mariadb:mariadb:5.2.1
-
cpe:2.3:a:mariadb:mariadb:5.2.10
-
cpe:2.3:a:mariadb:mariadb:5.2.11
-
cpe:2.3:a:mariadb:mariadb:5.2.12
-
cpe:2.3:a:mariadb:mariadb:5.2.13
-
cpe:2.3:a:mariadb:mariadb:5.2.2
-
cpe:2.3:a:mariadb:mariadb:5.2.3
-
cpe:2.3:a:mariadb:mariadb:5.2.4
-
cpe:2.3:a:mariadb:mariadb:5.2.5
-
cpe:2.3:a:mariadb:mariadb:5.2.6
-
cpe:2.3:a:mariadb:mariadb:5.2.7
-
cpe:2.3:a:mariadb:mariadb:5.2.8
-
cpe:2.3:a:mariadb:mariadb:5.2.9
-
cpe:2.3:a:mariadb:mariadb:5.3.0
-
cpe:2.3:a:mariadb:mariadb:5.3.1
-
cpe:2.3:a:mariadb:mariadb:5.3.10
-
cpe:2.3:a:mariadb:mariadb:5.3.11
-
cpe:2.3:a:mariadb:mariadb:5.3.2
-
cpe:2.3:a:mariadb:mariadb:5.3.3
-
cpe:2.3:a:mariadb:mariadb:5.3.4
-
cpe:2.3:a:mariadb:mariadb:5.3.5
-
cpe:2.3:a:mariadb:mariadb:5.3.6
-
cpe:2.3:a:mariadb:mariadb:5.3.7
-
cpe:2.3:a:mariadb:mariadb:5.3.8
-
cpe:2.3:a:mariadb:mariadb:5.3.9
-
cpe:2.3:a:mariadb:mariadb:5.5.0
-
cpe:2.3:a:mariadb:mariadb:5.5.20
-
cpe:2.3:a:mariadb:mariadb:5.5.21
-
cpe:2.3:a:mariadb:mariadb:5.5.22
-
cpe:2.3:a:mariadb:mariadb:5.5.23
-
cpe:2.3:a:mariadb:mariadb:5.5.24
-
cpe:2.3:a:mariadb:mariadb:5.5.25
-
cpe:2.3:a:mariadb:mariadb:5.5.27
-
cpe:2.3:a:mariadb:mariadb:5.5.28
-
cpe:2.3:a:mariadb:mariadb:5.5.28a
-
cpe:2.3:a:oracle:mysql:5.5.0
-
cpe:2.3:a:oracle:mysql:5.5.1
-
cpe:2.3:a:oracle:mysql:5.5.10
-
cpe:2.3:a:oracle:mysql:5.5.11
-
cpe:2.3:a:oracle:mysql:5.5.12
-
cpe:2.3:a:oracle:mysql:5.5.13
-
cpe:2.3:a:oracle:mysql:5.5.14
-
cpe:2.3:a:oracle:mysql:5.5.15
-
cpe:2.3:a:oracle:mysql:5.5.16
-
cpe:2.3:a:oracle:mysql:5.5.17
-
cpe:2.3:a:oracle:mysql:5.5.18
-
cpe:2.3:a:oracle:mysql:5.5.19
-
cpe:2.3:a:oracle:mysql:5.5.2
-
cpe:2.3:a:oracle:mysql:5.5.20
-
cpe:2.3:a:oracle:mysql:5.5.21
-
cpe:2.3:a:oracle:mysql:5.5.22
-
cpe:2.3:a:oracle:mysql:5.5.23
-
cpe:2.3:a:oracle:mysql:5.5.24
-
cpe:2.3:a:oracle:mysql:5.5.25
-
cpe:2.3:a:oracle:mysql:5.5.26
-
cpe:2.3:a:oracle:mysql:5.5.27
-
cpe:2.3:a:oracle:mysql:5.5.28
-
cpe:2.3:a:oracle:mysql:5.5.3
-
cpe:2.3:a:oracle:mysql:5.5.4
-
cpe:2.3:a:oracle:mysql:5.5.5
-
cpe:2.3:a:oracle:mysql:5.5.6
-
cpe:2.3:a:oracle:mysql:5.5.7
-
cpe:2.3:a:oracle:mysql:5.5.8
-
cpe:2.3:a:oracle:mysql:5.5.9