Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.5.28a, 5.3.11, 5.2.13, 5.1.66
    • Fix Version/s: 5.5.29, 5.2.14, 5.3.12
    • Component/s: None
    • Labels:
      None

      Description

      During the initial handshake, the server replies immediately to the incorrect user name with "Access denied". But if the user name is correct, but the authentication mechanism is not - like a short scramble, when a long one is needed, or a plugin should be used - the server might reply "try different auth plugin (or scamble length)".

      This allows to detect what user accounts exists in the server.

        Activity

        Hide
        serg Sergei Golubchik added a comment - - edited
        Show
        serg Sergei Golubchik added a comment - - edited This is CVE-2012-5615 and http://seclists.org/fulldisclosure/2012/Dec/9
        Hide
        laurynas Laurynas Biveinis added a comment -
        Show
        laurynas Laurynas Biveinis added a comment - This is https://bugs.launchpad.net/percona-server/+bug/1171941 for Percona Server

          People

          • Assignee:
            serg Sergei Golubchik
            Reporter:
            serg Sergei Golubchik
          • Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              Original Estimate - Not Specified
              Not Specified
              Remaining:
              Remaining Estimate - 0 minutes
              0m
              Logged:
              Time Spent - 2 hours, 40 minutes
              2h 40m