
Bypass MYSQL Authentication CVE-2012-2122



A serious vulnerability has recently been found in MySQL. According to the advisory, the following versions are affected: 5.5.23, 5.3.6, 5.2.12, 5.1.62. This is not the first time an authentication vulnerability has been found in MySQL; however, the developers have failed to protect it.

So what was the fault, and how and why is MySQL authentication affected? According to researchers, the MySQL authentication check rejected a wrong password 255 times out of 256, which means that one in 256 passwords might let you in.
In order to exploit this vulnerability, it takes just this piece of code to be run from a shell:

$ for i in `seq 1 1000`; do mysql -u root --password=bad -h 127.0.0.1 2>/dev/null; done
mysql>


"When a user connects to MariaDB/MySQL, a token (SHA over a password and a random scramble string) is calculated and compared with the expected value. Because of incorrect casting, it might've happened that the token and the expected value were considered equal, even if the memcmp() returned a non-zero value. In this case MySQL/MariaDB would think that the password is correct, even while it is not. Because the protocol uses random strings, the probability of hitting this bug is about 1/256."


"Which means, if one knows a user name to connect (and "root" almost always exists), she can connect using *any* password by repeating connection attempts. ~300 attempts takes only a fraction of second, so basically account password protection is as good as nonexistent. Any client will do, there's no need for a special libmysqlclient library."
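
The casting flaw the advisory describes, reduced to a stand-alone C illustration beside its corrected form (an added example, not MySQL/MariaDB source code). The `my_bool` typedef, the function names and the range of comparison results are assumptions made for the demonstration.

```c
#include <stdio.h>

typedef char my_bool;   /* assumption: an 8-bit boolean type, narrower than int */

/* cmp stands for a memcmp() return value. The C standard fixes only its sign,
   so an optimized memcmp() may return any non-zero int for a mismatch. */

/* Flawed pattern: the int is narrowed to 8 bits, so any non-zero multiple of
   256 becomes 0 ("tokens equal"). A non-zero return means "wrong password". */
static my_bool mismatch_truncating(int cmp)
{
    return (my_bool)cmp;   /* wraps modulo 256 on mainstream compilers */
}

/* Corrected pattern: collapse the result to 0/1 before narrowing. */
static my_bool mismatch_fixed(int cmp)
{
    return (my_bool)(cmp != 0);
}

/* Count the non-zero cmp values in [lo, hi] that a check reports as a match. */
static int count_false_accepts(my_bool (*check)(int), int lo, int hi)
{
    int accepted = 0;
    for (int cmp = lo; cmp <= hi; cmp++)
        if (cmp != 0 && check(cmp) == 0)
            accepted++;
    return accepted;
}

int main(void)
{
    int lo = -65536, hi = 65536;   /* constructed range of return values */
    printf("truncating: %d false accepts\n",
           count_false_accepts(mismatch_truncating, lo, hi));
    printf("fixed:      %d false accepts\n",
           count_false_accepts(mismatch_fixed, lo, hi));
    return 0;
}
```

Over the constructed range, the truncating check accepts 512 of the 131072 non-zero results, which is the 1/256 rate the advisory quotes; the corrected check accepts none.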


CounterMeasures

Patch your MySQL or MariaDB installations if you haven't already.


4 comments:

Shahbaz Khan on June 13, 2012 at 11:11 PM said...

Hard to learn, but great

Anonymous said...

Exploiting MySQL Authentication Bypass Vulnerability (CVE-2012-2122)
http://youtu.be/Mg5iUjOpusE?hd=1

Isolde Alexeyeva on June 30, 2012 at 6:07 AM said...

Your articles are more than wow!
price per head software

Antic_Hero on July 13, 2012 at 1:57 AM said...

It's easy for use. You can download this software by clicking link below. domain name
