Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 5.5.28a, 5.3.11, 5.2.13, 5.1.66
    • Fix Version/s: 5.5.29, 5.3.12, 5.2.14
    • Labels:
      None
    • Global Rank:
      2225

      Description

      During the initial handshake, the server replies immediately to the incorrect user name with "Access denied". But if the user name is correct, but the authentication mechanism is not - like a short scramble, when a long one is needed, or a plugin should be used - the server might reply "try different auth plugin (or scamble length)".

      This allows to detect what user accounts exists in the server.

        Activity

        Hide
        Sergei Golubchik added a comment - - edited
        Show
        Sergei Golubchik added a comment - - edited This is CVE-2012-5615 and http://seclists.org/fulldisclosure/2012/Dec/9
        Hide
        Laurynas Biveinis added a comment -
        Show
        Laurynas Biveinis added a comment - This is https://bugs.launchpad.net/percona-server/+bug/1171941 for Percona Server

          People

          • Assignee:
            Sergei Golubchik
            Reporter:
            Sergei Golubchik
          • Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              Original Estimate - Not Specified
              Not Specified
              Remaining:
              Remaining Estimate - 0 minutes
              0m
              Logged:
              Time Spent - 2 hours, 40 minutes
              2h 40m