
remote user enumeration

During the initial handshake, the server replies immediately to an incorrect user name with "Access denied". But if the user name is correct and the authentication mechanism is not - like a short scramble when a long one is needed, or when a plugin should be used - the server might reply "try different auth plugin (or scramble length)".

This makes it possible to detect which user accounts exist on the server.
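A simplified model of the reply logic described above, next to a uniform variant, added here as an illustration; it is not MariaDB code and not part of the original report. The account table, plugin labels, function names and the decoy-plugin approach are assumptions; the page does not describe the actual fix.

```c
#include <string.h>

/* Simplified model of the server's first reply during the handshake.
   All names, accounts and plugin labels are constructed for illustration. */
enum reply { ACCESS_DENIED, SWITCH_AUTH, CHECK_CREDENTIALS };

struct account { const char *user; const char *plugin; };

static const char *const plugins[] = { "short_scramble", "long_scramble", "ext_plugin" };
static const struct account accounts[] = {   /* constructed sample accounts */
    { "app", "long_scramble" },
    { "backup", "ext_plugin" },
};

static const char *account_plugin(const char *user) {
    for (size_t i = 0; i < sizeof accounts / sizeof accounts[0]; i++)
        if (strcmp(accounts[i].user, user) == 0)
            return accounts[i].plugin;
    return NULL;                              /* no such account */
}

/* Behaviour described in the report: an unknown name is rejected at once,
   a known name with the wrong mechanism is asked to switch. */
enum reply first_reply_leaky(const char *user, const char *offered) {
    const char *want = account_plugin(user);
    if (want == NULL)
        return ACCESS_DENIED;
    return strcmp(want, offered) ? SWITCH_AUTH : CHECK_CREDENTIALS;
}

/* Uniform variant (assumption): an unknown name is given a decoy plugin
   chosen by a hash of the name, so repeated attempts see a stable answer and
   an unknown name can produce the same first replies as a real account. The
   decoy exchange must end in the same "Access denied" as a wrong password. */
enum reply first_reply_uniform(const char *user, const char *offered) {
    const char *want = account_plugin(user);
    if (want == NULL) {
        unsigned h = 5381;                    /* djb2 string hash */
        for (const char *p = user; *p; p++)
            h = h * 33u + (unsigned char)*p;
        want = plugins[h % (sizeof plugins / sizeof plugins[0])];
    }
    return strcmp(want, offered) ? SWITCH_AUTH : CHECK_CREDENTIALS;
}
```

In the uniform variant the timing and content of the final denial also have to match the wrong-password case, otherwise the difference simply moves one step later in the exchange.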

Status

Assignee

Sergei Golubchik

Reporter

Sergei Golubchik

Fix versions

Affects versions

5.5.28a
5.3.11
5.2.13
5.1.66

Priority

Major