MySQL.Authentication.Bypass

description-logoDescription

This vulnerability affects MySQL. A remote attacker can use a carefully crafted authentication packet to completely bypass password authentication. The check_scramble_323() function in MySQL allows remote attackers to bypass authentication with a zero-length password.

affected-products-logoAffected Products

MySQL 4.1.x before 4.1.3, and 5.0.

Impact logoImpact

Full access to the database.

recomended-action-logoRecommended Actions

Update to MySQL version 5.1 or newer.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)