sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
History
No history.
Information
Published : 2012-06-26 18:55
Updated : 2024-02-28 12:00
NVD link : CVE-2012-2122
Mitre link : CVE-2012-2122
CVE.ORG link : CVE-2012-2122
JSON object : View
Products Affected
mariadb
- mariadb
oracle
- mysql
CWE
CWE-287
Improper Authentication