Security flaw in MySQL, MariaDB allows access with any password—just keep submitting it
When the latest release of MariaDB was announced in April by MontyProgram AB founder and MySQL creator Michael "Monty" Widenius, it came with a warning from Widenius that a severe security bug had been discovered in previous versions of both MariaDB and MySQL. Oracle subsequently released a patch for MySQL. Now the details of the flaw, and the extent of the vulnerability, have been revealed: it could allow anyone who knows a valid user account on the database to connect using any password with a brute-force attack. The affected versions of both...
Published By: Ars Technica - Monday, 11 June, 2012
blog comments powered by Disqus