MySQL Remote Root Authentication Bypass (CVE-2012-2122)

A new vulnerability discovered in MySQL Server allow an attacker to gain remote root privileges. According to the original article posted on SC Magazine “Security experts have identified some 879,046 servers vulnerable to a brute force flaw that undermines password controls in MySQL and MariaDB systems.”

This critical vulnerability CVE-2012-2122 was already patched so you have to fix your MySQL server as soon as possible.

The pyton script is still available on Exploit-DB and can be converted in a single line Bash Script:
$ for i in `seq 1 1000`; do mysql -u root --password=bad -h 127.0.0.1 2>/dev/null; done

Patch your MySQL ! :)

 

Leave a Reply

Your email address will not be published. Required fields are marked *