ByteOS Network

NVD Vulnerability Details :

CVE-2012-2122

Deferred

Source-secalert@redhat.com

Published At-26 Jun, 2012 | 18:55

Updated At-11 Apr, 2025 | 00:51

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.1	MEDIUM	AV:N/AC:H/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 5.1

Base severity: MEDIUM

Vector:

AV:N/AC:H/Au:N/C:P/I:P/A:P

Hyperlink	Source	Resource
http://bugs.mysql.com/bug.php?id=64884	secalert@redhat.com	Exploit
http://kb.askmonty.org/en/mariadb-5162-release-notes/	secalert@redhat.com	N/A
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html	secalert@redhat.com	N/A
http://seclists.org/oss-sec/2012/q2/493	secalert@redhat.com	Patch
http://secunia.com/advisories/49417	secalert@redhat.com	Vendor Advisory
http://secunia.com/advisories/53372	secalert@redhat.com	N/A
http://security.gentoo.org/glsa/glsa-201308-06.xml	secalert@redhat.com	N/A
http://securitytracker.com/id?1027143	secalert@redhat.com	N/A
http://www.exploit-db.com/exploits/19092	secalert@redhat.com	N/A
http://www.securityfocus.com/bid/53911	secalert@redhat.com	Exploit
https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql	secalert@redhat.com	Exploit
http://bugs.mysql.com/bug.php?id=64884	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://kb.askmonty.org/en/mariadb-5162-release-notes/	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://seclists.org/oss-sec/2012/q2/493	af854a3a-2127-422b-91ae-364da2661108	Patch
http://secunia.com/advisories/49417	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/53372	af854a3a-2127-422b-91ae-364da2661108	N/A
http://security.gentoo.org/glsa/glsa-201308-06.xml	af854a3a-2127-422b-91ae-364da2661108	N/A
http://securitytracker.com/id?1027143	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.exploit-db.com/exploits/19092	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/53911	af854a3a-2127-422b-91ae-364da2661108	Exploit
https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql	af854a3a-2127-422b-91ae-364da2661108	Exploit

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History