Metric | Value |
---|---|
CVSS2 score | 4 Medium |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
CVSS2 vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
EPSS | 0.002 Low |
EPSS Percentile | 61.2% |

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and
5.2.x before 5.2.14 do not modify the salt during multiple executions of
the change_user command within the same connection, which makes it easier
for remote authenticated users to conduct brute force password guessing
attacks.

Author | Note |
---|---|
mdeslaur | as of 2016-11-23, no indication of fix from upstream MySQL. marking this as ignored since we will not diverge from upstream. |