Slashdot Mirror

← Back to Stories (view on slashdot.org)

MariaDB and MySQL Authentication Bypass Exploit

Posted by samzenpus on from the protect-ya-neck dept.

JohnBert writes "A security bug in MariaDB and MySQL has been revealed, allowing a known username and password to access the master user table of a MySQL server and dump it into a locally-stored file. By using a tool like John the Ripper, this file can be easily cracked to reveal text passwords that can provide further access. By committing a threaded brute-force module that abuses the authentication bypass flaw to automatically dump the password database, you can access the database using the cracked password hashes even if the authentication bypass vulnerability is fixed."

2 of 73 comments (clear)

  1. Re:holy motherfucking cheetah by Anonymous Coward · · Score: 5, Insightful

    And that is why we use fail2ban.

  2. Re:Could have told us what it is by Anonymous Coward · · Score: 5, Insightful

    They are casting the result of int strcmp to my_bool, which they have defined as typedef char my_bool.

    Since int is bigger than char, you have really lots of ints than can be 0 when casted to char.