Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Trust the World's Fastest VPN with Your Internet Security & Freedom - A Lifetime Subscription of PureVPN at 88% off. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×
Network

Submission + - MariaDB and MySQL Authentication Bypass Exploit (batblue.com)

JohnBert writes: "A security bug in MariaDB and MySQL has been revealed, allowing a known username and password to access the master user table of a MySQL server and dump it into a locally-stored file. By using a tool like John the Ripper, this file can be easily cracked to reveal text passwords that can provide further access. By committing a threaded brute-force module that abuses the authentication bypass flaw to automatically dump the password database, you can access the database using the cracked password hashes even if the authentication bypass vulnerability is fixed."
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

MariaDB and MySQL Authentication Bypass Exploit

Comments Filter:

Consultants are mystical people who ask a company for a number and then give it back to them.

Working...