[MDEV-3909] remote user enumeration Created: 2012-12-02 Updated: 2014-03-17 Resolved: 2013-01-25 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | None |
| Affects Version/s: | 5.5.28a, 5.3.11, 5.2.13, 5.1.66 |
| Fix Version/s: | 5.5.29, 5.2.14, 5.3.12 |
| Type: | Bug | Priority: | Major |
| Reporter: | Sergei Golubchik | Assignee: | Sergei Golubchik |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Description |
|
During the initial handshake, the server replies immediately to an incorrect user name with "Access denied". But if the user name is correct, but the authentication mechanism is not - like a short scramble, when a long one is needed, or a plugin should be used - the server might reply "try different auth plugin (or scramble length)". This allows detecting which user accounts exist on the server. |
| Comments |
| Comment by Sergei Golubchik [ 2012-12-02 ] |
|
This is CVE-2012-5615 and http://seclists.org/fulldisclosure/2012/Dec/9 |
| Comment by Laurynas Biveinis [ 2014-03-17 ] |
|
This is https://bugs.launchpad.net/percona-server/+bug/1171941 for Percona Server |
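
A toy C model of the reply logic in the description, added here as an illustration and not taken from the ticket or from MariaDB's source: `first_reply_leaky` reproduces the reported behaviour, and `first_reply_uniform` shows one assumed mitigation in which an unknown name is mapped onto a real account and forced to fail. The account data, the function names and the plaintext comparison standing in for the scramble check are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Toy model of the server's first reply during the handshake. */
enum reply { ACCESS_DENIED, SWITCH_PLUGIN, AUTH_OK };
struct account { const char *user, *plugin, *password; };

static const struct account accounts[] = {   /* constructed sample data */
    { "app",    "mysql_native_password", "s3cret" },
    { "legacy", "mysql_old_password",    "hunter2" },
    { "backup", "mysql_native_password", "t0ps3cret" },
};
#define N_ACCOUNTS (sizeof accounts / sizeof accounts[0])

static const struct account *find_account(const char *user) {
    for (size_t i = 0; i < N_ACCOUNTS; i++)
        if (strcmp(accounts[i].user, user) == 0) return &accounts[i];
    return NULL;
}

/* Reported behaviour: unknown names are denied at once, so a SWITCH_PLUGIN
   reply tells the client that the account exists. */
enum reply first_reply_leaky(const char *user, const char *plugin, const char *pw) {
    const struct account *a = find_account(user);
    if (!a) return ACCESS_DENIED;
    if (strcmp(a->plugin, plugin) != 0) return SWITCH_PLUGIN;
    return strcmp(a->password, pw) == 0 ? AUTH_OK : ACCESS_DENIED;
}

/* Assumed mitigation: an unknown name takes the same path as a real one. */
enum reply first_reply_uniform(const char *user, const char *plugin, const char *pw) {
    const struct account *a = find_account(user);
    int must_fail = 0;
    if (!a) {
        unsigned long h = 5381;                /* djb2 hash of the name */
        for (const char *p = user; *p; p++) h = h * 33 + (unsigned char)*p;
        a = &accounts[h % N_ACCOUNTS];         /* same name, same decoy account */
        must_fail = 1;                         /* never succeeds, whatever pw is */
    }
    if (strcmp(a->plugin, plugin) != 0) return SWITCH_PLUGIN;
    return (!must_fail && strcmp(a->password, pw) == 0) ? AUTH_OK : ACCESS_DENIED;
}

int main(void) {   /* wrong password, native plugin, one real and one unknown name */
    const char *names[] = { "legacy", "no_such_user" };
    for (int i = 0; i < 2; i++)
        printf("%-12s leaky=%d uniform=%d\n", names[i],
               first_reply_leaky(names[i], "mysql_native_password", "x"),
               first_reply_uniform(names[i], "mysql_native_password", "x"));
    return 0;
}
```

In the uniform version an unknown name produces a plugin-switch request for exactly one of the two plugins, as a real account would, so the reply type no longer separates existing from non-existing names.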