MariaDB Server, MDEV-3909

remote user enumeration

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.5.28a, 5.3.11, 5.2.13, 5.1.66
    • Fix Version/s: 5.5.29, 5.2.14, 5.3.12
    • Component/s: None
    • Labels: None

      Description

      During the initial handshake, the server replies immediately to an incorrect user name with "Access denied". But if the user name is correct, but the authentication mechanism is not - like a short scramble, when a long one is needed, or a plugin should be used - the server might reply "try different auth plugin (or scramble length)".

      This allows detecting which user accounts exist on the server.
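
      A minimal C model of the handshake branch described above, added here as an illustration and not taken from the MariaDB source or its fix: `first_reply_leaky` reproduces the reported difference in first replies, and `first_reply_uniform` shows one possible way to remove it by giving unknown names a stable decoy plugin. The account table, plugin labels and function names are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

enum reply { ACCESS_DENIED, SWITCH_PLUGIN, CHECK_CREDENTIALS };
static const char *reply_name[] = { "ACCESS_DENIED", "SWITCH_PLUGIN", "CHECK_CREDENTIALS" };

/* Constructed account table: user name and the auth plugin it requires. */
struct account { const char *user; const char *plugin; };
static const struct account accounts[] = {
    { "app", "short_scramble" }, { "admin", "long_scramble" },
};
#define N_ACCOUNTS (sizeof accounts / sizeof accounts[0])

static const struct account *find_account(const char *user) {
    for (size_t i = 0; i < N_ACCOUNTS; i++)
        if (strcmp(accounts[i].user, user) == 0) return &accounts[i];
    return NULL;
}

/* Reported behaviour: the first reply depends on whether the account exists. */
enum reply first_reply_leaky(const char *user, const char *client_plugin) {
    const struct account *a = find_account(user);
    if (a == NULL) return ACCESS_DENIED;          /* unknown user: immediate */
    if (strcmp(a->plugin, client_plugin) != 0)
        return SWITCH_PLUGIN;                     /* only ever sent for real users */
    return CHECK_CREDENTIALS;
}

/* Decoy plugin for an unknown name, stable across retries (djb2 hash). */
static const char *decoy_plugin(const char *user) {
    unsigned long h = 5381;
    for (const char *p = user; *p; p++) h = h * 33 + (unsigned char)*p;
    return accounts[h % N_ACCOUNTS].plugin;
}

/* Uniform variant: unknown users follow the same path as real ones; the
 * later credential check (not modelled here) always fails for a decoy. */
enum reply first_reply_uniform(const char *user, const char *client_plugin) {
    const struct account *a = find_account(user);
    const char *required = a ? a->plugin : decoy_plugin(user);
    return strcmp(required, client_plugin) != 0 ? SWITCH_PLUGIN : CHECK_CREDENTIALS;
}

int main(void) {
    const char *users[] = { "app", "admin", "nobody" };
    for (size_t i = 0; i < 3; i++)
        printf("%-6s leaky=%-17s uniform=%s\n", users[i],
               reply_name[first_reply_leaky(users[i], "short_scramble")],
               reply_name[first_reply_uniform(users[i], "short_scramble")]);
    return 0;
}
```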

            People

            Assignee:
            serg Sergei Golubchik
            Reporter:
            serg Sergei Golubchik
            Votes:
            0
            Watchers:
            5

              Dates

              Created:
              Updated:
              Resolved: