Hacker, Researcher and Author.

Bypass MYSQL Authentication CVE-2012-2122

MY SQL Hacked

Recently a serious vulnerability inside mysql has been found. According to the advisory the following versions are affected - 5.5.23, 5.3.6, 5.2.12, 5.1.62. This is not a the first time authentication vulnerability has been found inside mysql, However the developers fail to protect it.

So what was the fault?, How and why is mysql authentication affected. According to researchers the mysql authentication was checked for wrong password 255 times out of 256. Which means that one in 256 passwords might let you in.
In order to exploit this vulnerability, it takes just this piece of the code to be injected:

$ for i in `seq 1 1000`; do mysql -u root --password=bad -h 127.0.0.1 2>/dev/null; done mysql>


"When a user connects to MariaDB/MySQL, a token (SHAover a password and a random scramble string) is calculated and comparedwith the expected value. Because of incorrect casting, it might'vehappened that the token and the expected value were considered equal,even if the memcmp() returned a non-zero value. In this caseMySQL/MariaDB would think that the password is correct, even while it isnot. Because the protocol uses random strings, the probability ofhitting this bug is about 1/256."


"Which means, if one knows a user name to connect (and "root" almostalways exists), she can connect using *any* password by repeatingconnection attempts. ~300 attempts takes only a fraction of second, sobasically account password protection is as good as nonexistent.Any client will do, there's no need for a special libmysqlclient library."


CounterMeasures

Patch your MySQL or MariaDB installations if you haven't already.

Demonstrations




4 comments:

  1. Exploiting MySQL Authentication Bypass Vulnerability (CVE-2012-2122)
    http://youtu.be/Mg5iUjOpusE?hd=1

    ReplyDelete
  2. Its easy for use. you can download this software by cliking link below.domain name

    ReplyDelete

© 2016 All Rights Reserved by RHA Info Sec. Top

Contact Form

Name

Email *

Message *

Powered by Blogger.