Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.5.28a, 5.3.11, 5.2.13, 5.1.66
    • Fix Version/s: 5.5.29, 5.2.14, 5.3.12
    • Component/s: None
    • Labels:
      None

      Description

      During the initial handshake, the server replies immediately to the incorrect user name with "Access denied". But if the user name is correct, but the authentication mechanism is not - like a short scramble, when a long one is needed, or a plugin should be used - the server might reply "try different auth plugin (or scamble length)".

      This allows to detect what user accounts exists in the server.

        Gliffy Diagrams

          Activity

          Hide
          serg Sergei Golubchik added a comment - - edited
          Show
          serg Sergei Golubchik added a comment - - edited This is CVE-2012-5615 and http://seclists.org/fulldisclosure/2012/Dec/9
          Hide
          laurynas Laurynas Biveinis added a comment -
          Show
          laurynas Laurynas Biveinis added a comment - This is https://bugs.launchpad.net/percona-server/+bug/1171941 for Percona Server

            People

            • Assignee:
              serg Sergei Golubchik
              Reporter:
              serg Sergei Golubchik
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 2 hours, 40 minutes
                2h 40m