Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 5.5.28a, 5.3.11, 5.2.13, 5.1.66
    • 5.5.29, 5.2.14, 5.3.12
    • None
    • None

    Description

      During the initial handshake, the server replies immediately to the incorrect user name with "Access denied". But if the user name is correct, but the authentication mechanism is not - like a short scramble, when a long one is needed, or a plugin should be used - the server might reply "try different auth plugin (or scamble length)".

      This allows to detect what user accounts exists in the server.

      Attachments

        Activity

          serg Sergei Golubchik added a comment - - edited
          serg Sergei Golubchik added a comment - - edited This is CVE-2012-5615 and http://seclists.org/fulldisclosure/2012/Dec/9
          laurynas Laurynas Biveinis added a comment - This is https://bugs.launchpad.net/percona-server/+bug/1171941 for Percona Server

          People

            serg Sergei Golubchik
            serg Sergei Golubchik
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.