Intrusion Prevention

MySQL.Account.Compromise

Description

This indicates a possible exploit of an account compromise vulnerability in the MySQL database server software.

MySQL is an open source database based on Structured Query Language (SQL). An account compromise vulnerability has been reported in it that may allow an attacker to guess the password of another database user by a brute force attack. Due to a flaw in the authentication process, a client can be authenticated to the server by guessing the first character of the password of any database user. An attacker can easily exploit this by brute force because the range of valid characters is only 32. This leads to compromise of the entire database if the attacker gains root authentication.

Affected Products

AB MySQL 3.23.53a and earlier versions.

Impact

Compromise of the affected database server.

Recommended Actions

Upgrade to MySQL 3.23.54 or a later non-vulnerable version.
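
To find servers that still need this upgrade, the following added example (not part of the original advisory) classifies MySQL version strings against the boundary stated above. The host names and version strings in the sample inventory are constructed, and versions outside the 3.x series are marked for manual review because this advisory states a boundary only for 3.23.

```python
import re

# Boundary from the advisory: 3.23.53a and earlier are affected,
# 3.23.54 is the first fixed release.
LAST_AFFECTED = (3, 23, 53, "a")

# Matches the leading "major.minor.patch[letter]" of a version string and
# ignores build suffixes such as "-log" or "-max-nt".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]?)")


def parse_version(text):
    """Return (major, minor, patch, letter), or None if the text is unparseable."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        return None
    major, minor, patch, letter = m.groups()
    return (int(major), int(minor), int(patch), letter)


def is_affected(text):
    """True or False for 3.x versions. None when the version cannot be parsed
    or is outside the 3.x series, which the advisory text does not cover."""
    v = parse_version(text)
    if v is None or v[0] != 3:
        return None
    # Tuple comparison: "" sorts before "a", so 3.23.53 <= 3.23.53a < 3.23.54.
    return v <= LAST_AFFECTED


def audit(inventory):
    """Map each host to UPGRADE, ok, or REVIEW (undetermined)."""
    labels = {True: "UPGRADE", False: "ok", None: "REVIEW"}
    return {host: labels[is_affected(ver)] for host, ver in inventory.items()}


# Constructed inventory: host names and version strings are made up.
SAMPLE_INVENTORY = {
    "db-legacy-01": "3.23.53a-log",
    "db-legacy-02": "3.23.49-max-nt",
    "db-patched-01": "3.23.54",
    "db-other-01": "4.0.5-beta",
    "db-unknown-01": "unknown",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:15} {SAMPLE_INVENTORY[host]:16} {status}")
```

The version strings can be collected with `SELECT VERSION();` on each server.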

CVE References

CVE-2002-1374