MySQL Weak Hash Algorithm

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

Passwords could be brute-forced on the remote database server.

Description :

The version of MySQL installed on the remote host is older than
4.1.1. As such, it reportedly uses a weak algorithm to hash the
passwords. An attacker who can read the mysql.user table will be able
to retrieve the clear text passwords quickly with a brute-force attack.

See also :

http://dev.mysql.com/doc/refman/5.0/en/application-password-use.html

Solution :

Upgrade to MySQL version 4.1.1 or later.
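
An added example (not part of the Nessus plugin): a Python audit that applies the 4.1.1 cutoff from the description and flags mysql.user rows still stored in the short pre-4.1 hash format, which can remain after an upgrade until the password is reset. The function names and sample rows are constructed for illustration; the 16-hex-digit old format and the 41-character '*'-prefixed newer format are assumptions taken from MySQL's documented hash layouts.

```python
import re

FIXED_VERSION = (4, 1, 1)  # cutoff stated in the advisory

# Assumed hash layouts (from MySQL documentation, not from the plugin text).
OLD_HASH = re.compile(r"[0-9a-fA-F]{16}")    # pre-4.1 format
NEW_HASH = re.compile(r"\*[0-9a-fA-F]{40}")  # 4.1.1+ format


def parse_version(banner):
    """Return (major, minor, patch) from a string such as '4.0.27-standard'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if m is None:
        raise ValueError("no version number in %r" % (banner,))
    return tuple(int(part) for part in m.groups())


def server_is_affected(banner):
    """True when the server version is older than 4.1.1."""
    return parse_version(banner) < FIXED_VERSION


def classify_hash(value):
    """Classify one mysql.user Password column value by its format only."""
    if not value:
        return "empty"
    if OLD_HASH.fullmatch(value):
        return "old-format"
    if NEW_HASH.fullmatch(value):
        return "new-format"
    return "unknown"


def audit(banner, rows):
    """rows: iterable of (user, host, password_hash). Returns a list of findings."""
    findings = []
    if server_is_affected(banner):
        findings.append(("server", "version older than 4.1.1"))
    for user, host, pw_hash in rows:
        kind = classify_hash(pw_hash)
        if kind == "old-format":
            findings.append(("%s@%s" % (user, host), "old-format hash"))
        elif kind == "empty":
            findings.append(("%s@%s" % (user, host), "empty password"))
    return findings


# Constructed sample rows; the hash values are placeholders, not real hashes.
SAMPLE_ROWS = [
    ("app", "10.0.0.%", "0123456789abcdef"),
    ("root", "localhost", "*" + "A" * 40),
    ("backup", "%", ""),
]
```

Accounts reported with an old-format hash need a password reset on the upgraded server before the weak hash is replaced.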

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 17824

Bugtraq ID: 7500

CVE ID: CVE-2003-1480