The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-09-01T04:00:00

Updated: 2024-08-08T03:19:28.889Z

Reserved: 2002-12-16T00:00:00

Link: CVE-2002-1374

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2002-12-23T05:00:00.000

Modified: 2024-11-20T23:41:09.243

Link: CVE-2002-1374

cve-icon Redhat

Severity : Important

Publid Date: 2002-12-12T00:00:00Z

Links: CVE-2002-1374 - Bugzilla