MySQL 5.1.x < 5.7.3 SSL/TLS Downgrade MitM (BACKRONYM)
Medium Nessus Plugin ID 83347
SynopsisThe remote MySQL client library is affected by a security feature bypass vulnerability.
DescriptionThe remote host has a version of the MySQL client library installed that is 5.1.x, 5.5.x, 5.6.x, or 5.7.x prior to 5.7.3. It is, therefore, affected by a security feature bypass vulnerability known as 'BACKRONYM' due to a failure to properly enforce the requirement of an SSL/TLS connection when the --ssl client option is used. A man-in-the-middle attacker can exploit this flaw to coerce the client to downgrade to an unencrypted connection, allowing the attacker to disclose data from the database or manipulate database queries.
SolutionUpgrade to MySQL version 5.7.3 or later.