The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2004-09-01T04:00:00
Updated: 2024-08-08T03:19:28.889Z
Reserved: 2002-12-16T00:00:00
Link: CVE-2002-1374
Vulnrichment
No data.
NVD
Status : Modified
Published: 2002-12-23T05:00:00.000
Modified: 2024-11-20T23:41:09.243
Link: CVE-2002-1374
Redhat