MySQL 3.20.32 - 3.23.52 Weak Default Configuration

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.

Synopsis :

The default configuration of the remote database server may be

Description :

The version of MySQL installed on the remote host is 3.20.32 to
3.23.52. On Windows, the default configuration used in these versions
is weak :

- The database server binds to all network interfaces and
can be reached from outside. (CVE-2002-1921)

- Logging is disabled, so attackers will not be detected.

- root's password is blank. (BID 5503)

See also :

Solution :

Edit the configuration file and add this line if needed :


Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 7.5
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 17821

Bugtraq ID: 5503

CVE ID: CVE-2002-1921