MySQL Authentication Protocol Token Comparison Casting Failure Password Bypass

High Nessus Plugin ID 61393

Synopsis

The remote database server can be accessed without a valid password.

Description

A flaw in the MySQL server allows remote users to authenticate without a valid password due to a failure when casting a randomly generated token and comparing it to an expected value.

Solution

Upgrade to MySQL 5.1.63 / 5.5.24 or later.

MySQL Authentication Protocol Token Comparison Casting Failure Password Bypass

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSSv2

Vulnerability Information

Exploitable With

Reference Information