1 min read

MySQL, MariaDB Flaw Allows Root Access with Wrong Passwords

Bogdan BOTEZATU

June 12, 2012

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
MySQL, MariaDB Flaw Allows Root Access with Wrong Passwords

A critical vulnerability in the MySQL and MariaDB database servers allows attackers to gain root access with wrong passwords – if they are persistent enough. This flaw affects one of the most popular database systems in the world and can result in significant data loss when successfully exploited. To add insult to injury, the exploitation technique is a no-brainer, as all the attacker has to do is keep trying passwords.

The responsibility for this major failure seems to reside in the fact that the server expects the memcmp() function to return a value between -127 and 127. However, some server setups often return a value outside the boundary, which confuses the routines that compare the entered password with its hashed value. This, in turn, validates the wrong password against the stored hash. Shortly put, there is a 1 in 256 chance that any password would be accepted as valid.

When a user connects to MariaDB/MySQL, a token (SHA over a password and a random scramble string) is calculated and compared with the expected value,“ wrote Sergei Golubchik in a post on the OS-Sec mailing list. “Because of incorrect casting, it might’ve happened that the token and the expected value were considered equal, even if the memcmp() returned a non-zero value. In this case, MySQL/MariaDB would think that the password is correct, even while it is not. Because the protocol uses random strings, the probability of hitting this bug is about 1/256.”

MySQL database servers are used in nearly all areas, ranging from personal and commercial to the military. Fortunately though, some Linux distributions bind the MySQL daemon to localhost, preventing remote access to the service. This means that an attacker won`t be able to access the server without access to the machine.

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Chinese criminals scam kids desperate to play games for more than three hours a week Chinese criminals scam kids desperate to play games for more than three hours a week
Graham CLULEY

August 12, 2022

2 min read
Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach
Silviu STAHIE

August 09, 2022

1 min read
Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down
Silviu STAHIE

August 05, 2022

1 min read