Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-3909

remote user enumeration

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 5.5.28a, 5.3.11, 5.2.13, 5.1.66
    • 5.5.29, 5.2.14, 5.3.12
    • None
    • None

    Description

      During the initial handshake, the server replies immediately to the incorrect user name with "Access denied". But if the user name is correct, but the authentication mechanism is not - like a short scramble, when a long one is needed, or a plugin should be used - the server might reply "try different auth plugin (or scamble length)".

      This allows to detect what user accounts exists in the server.

      Attachments

        Activity

          People

            serg Sergei Golubchik
            serg Sergei Golubchik
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.