Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.5.28a, 5.3.11, 5.2.13, 5.1.66
    • Fix Version/s: 5.5.29, 5.2.14, 5.3.12
    • Component/s: None
    • Labels:
      None

      Description

      During the initial handshake, the server replies immediately to the incorrect user name with "Access denied". But if the user name is correct, but the authentication mechanism is not - like a short scramble, when a long one is needed, or a plugin should be used - the server might reply "try different auth plugin (or scamble length)".

      This allows to detect what user accounts exists in the server.

        Gliffy Diagrams

          Attachments

            Activity

            Hide
            serg Sergei Golubchik added a comment - - edited
            Show
            serg Sergei Golubchik added a comment - - edited This is CVE-2012-5615 and http://seclists.org/fulldisclosure/2012/Dec/9
            Hide
            laurynas Laurynas Biveinis added a comment -
            Show
            laurynas Laurynas Biveinis added a comment - This is https://bugs.launchpad.net/percona-server/+bug/1171941 for Percona Server

              People

              • Assignee:
                serg Sergei Golubchik
                Reporter:
                serg Sergei Golubchik
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 hours, 40 minutes
                  2h 40m