Vulnerability Details CVE-2012-5627
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.04
EPSS Ranking 87.8%
CVSS Severity
CVSS v2 Score 4.0
References
- http://seclists.org/fulldisclosure/2012/Dec/58
- http://seclists.org/fulldisclosure/2012/Dec/83
- http://seclists.org/oss-sec/2012/q4/424
- http://secunia.com/advisories/53372
- http://security.gentoo.org/glsa/glsa-201308-06.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:102
- https://bugzilla.redhat.com/show_bug.cgi?id=883719
- https://mariadb.atlassian.net/browse/MDEV-3915
- http://seclists.org/fulldisclosure/2012/Dec/58
- http://seclists.org/fulldisclosure/2012/Dec/83
- http://seclists.org/oss-sec/2012/q4/424
- http://secunia.com/advisories/53372
- http://security.gentoo.org/glsa/glsa-201308-06.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:102
- https://bugzilla.redhat.com/show_bug.cgi?id=883719
- https://mariadb.atlassian.net/browse/MDEV-3915
Products affected by CVE-2012-5627
-
cpe:2.3:a:mariadb:mariadb:10.0.0
-
cpe:2.3:a:mariadb:mariadb:5.2.0
-
cpe:2.3:a:mariadb:mariadb:5.2.1
-
cpe:2.3:a:mariadb:mariadb:5.2.10
-
cpe:2.3:a:mariadb:mariadb:5.2.11
-
cpe:2.3:a:mariadb:mariadb:5.2.12
-
cpe:2.3:a:mariadb:mariadb:5.2.13
-
cpe:2.3:a:mariadb:mariadb:5.2.2
-
cpe:2.3:a:mariadb:mariadb:5.2.3
-
cpe:2.3:a:mariadb:mariadb:5.2.4
-
cpe:2.3:a:mariadb:mariadb:5.2.5
-
cpe:2.3:a:mariadb:mariadb:5.2.6
-
cpe:2.3:a:mariadb:mariadb:5.2.7
-
cpe:2.3:a:mariadb:mariadb:5.2.8
-
cpe:2.3:a:mariadb:mariadb:5.2.9
-
cpe:2.3:a:mariadb:mariadb:5.3.0
-
cpe:2.3:a:mariadb:mariadb:5.3.1
-
cpe:2.3:a:mariadb:mariadb:5.3.10
-
cpe:2.3:a:mariadb:mariadb:5.3.11
-
cpe:2.3:a:mariadb:mariadb:5.3.2
-
cpe:2.3:a:mariadb:mariadb:5.3.3
-
cpe:2.3:a:mariadb:mariadb:5.3.4
-
cpe:2.3:a:mariadb:mariadb:5.3.5
-
cpe:2.3:a:mariadb:mariadb:5.3.6
-
cpe:2.3:a:mariadb:mariadb:5.3.7
-
cpe:2.3:a:mariadb:mariadb:5.3.8
-
cpe:2.3:a:mariadb:mariadb:5.3.9
-
cpe:2.3:a:mariadb:mariadb:5.5.0
-
cpe:2.3:a:mariadb:mariadb:5.5.20
-
cpe:2.3:a:mariadb:mariadb:5.5.21
-
cpe:2.3:a:mariadb:mariadb:5.5.22
-
cpe:2.3:a:mariadb:mariadb:5.5.23
-
cpe:2.3:a:mariadb:mariadb:5.5.24
-
cpe:2.3:a:mariadb:mariadb:5.5.25
-
cpe:2.3:a:mariadb:mariadb:5.5.27
-
cpe:2.3:a:mariadb:mariadb:5.5.28
-
cpe:2.3:a:mariadb:mariadb:5.5.28a
-
cpe:2.3:a:oracle:mysql:5.5.0
-
cpe:2.3:a:oracle:mysql:5.5.1
-
cpe:2.3:a:oracle:mysql:5.5.10
-
cpe:2.3:a:oracle:mysql:5.5.11
-
cpe:2.3:a:oracle:mysql:5.5.12
-
cpe:2.3:a:oracle:mysql:5.5.13
-
cpe:2.3:a:oracle:mysql:5.5.14
-
cpe:2.3:a:oracle:mysql:5.5.15
-
cpe:2.3:a:oracle:mysql:5.5.16
-
cpe:2.3:a:oracle:mysql:5.5.17
-
cpe:2.3:a:oracle:mysql:5.5.18
-
cpe:2.3:a:oracle:mysql:5.5.19
-
cpe:2.3:a:oracle:mysql:5.5.2
-
cpe:2.3:a:oracle:mysql:5.5.20
-
cpe:2.3:a:oracle:mysql:5.5.21
-
cpe:2.3:a:oracle:mysql:5.5.22
-
cpe:2.3:a:oracle:mysql:5.5.23
-
cpe:2.3:a:oracle:mysql:5.5.24
-
cpe:2.3:a:oracle:mysql:5.5.25
-
cpe:2.3:a:oracle:mysql:5.5.26
-
cpe:2.3:a:oracle:mysql:5.5.27
-
cpe:2.3:a:oracle:mysql:5.5.28
-
cpe:2.3:a:oracle:mysql:5.5.3
-
cpe:2.3:a:oracle:mysql:5.5.4
-
cpe:2.3:a:oracle:mysql:5.5.5
-
cpe:2.3:a:oracle:mysql:5.5.6
-
cpe:2.3:a:oracle:mysql:5.5.7
-
cpe:2.3:a:oracle:mysql:5.5.8
-
cpe:2.3:a:oracle:mysql:5.5.9