MySQL Zero-length Scrambled String Crafted Packet Authentication Bypass

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.

Synopsis :

It is possible to bypass authentication on the remote database

Description :

A bug in the version of MySQL running on the remote host allows a
remote attacker to bypass the password authentication mechanism using
a specially crafted packet with a zero-length scramble buff string.

An attacker with knowledge of an existing account defined to the
affected service can leverage this vulnerability to bypass
authentication and gain full access to that account.

See also :

Solution :

Upgrade to MySQL 4.1.3 or later.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 17690 ()

Bugtraq ID: 10654

CVE ID: CVE-2004-0627

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now