Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Databases --> Category: infos

MySQLs accepts any password Vulnerability Scan

Vulnerability Scan Summary
Checks for the remote MySQL version

Detailed Explanation for this Vulnerability Test

You are running a version of MySQL which is
older than (or as old as) version 3.22.30 or 3.23.10

If you have not patched this version, then
any attacker who knows a valid username can
access your tables without having to enter any
valid password.

Threat Level: High
Solution : Upgrade to a newer version, or
edit the file mysql-xxx/sql/password.c, and
search for the 'while(*scrambled)' loop. In front
of it, add : 'if(strlen(scrambled) != strlen(to))return 1'

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.