Family: Databases --> Category: infos
MySQLs accepts any password Vulnerability Scan
Vulnerability Scan Summary
Checks for the remote MySQL version
Detailed Explanation for this Vulnerability Test
You are running a version of MySQL which is
older than (or as old as) version 3.22.30 or 3.23.10.
If you have not patched this version, then
any attacker who knows a valid username can
access your tables without having to enter any
Threat Level: High
Solution: Upgrade to a newer version, or
edit the file mysql-xxx/sql/password.c and
search for the 'while(*scrambled)' loop. In front
of it, add: 'if(strlen(scrambled) != strlen(to)) return 1;'