sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2012-06-26T18:00:00
Updated: 2024-08-06T19:26:07.691Z
Reserved: 2012-04-04T00:00:00
Link: CVE-2012-2122
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-06-26T18:55:05.083
Modified: 2014-02-21T04:50:38.233
Link: CVE-2012-2122
Redhat