| TC: | 12060 | |
| Description: | MySQL Database server is a very popular database server which sees widespread use throughout the world. A vulnerability exists in the default installation of the MySQL database, which creates a default user/password pairing. This default configuration can easily be discovered and accessed remotely by an attacker and, upon discovery, exploited to totally compromise the target database system. | |
| TC Impact: | Gather Info | |
| Service: | mysql |
| Vulnerability Publication: | August 19, 2002 | |
| Advisory Copyright: | Mike Bommarito | |
| Summary: | A remote attacker can cause a total compromise of your MySQL database server. | |
| Risk: | High | |
| CVSS 2.0 metrics: | Access Vector: Network; Access Complexity: Low; Authentication: None; Confidentiality Impact: Partial; Integrity Impact: Partial; Availability Impact: Partial | |
| CVSS 2.0 Base Score: | 7.5 |
| Vulnerability Impact: | Attack |
| Host Impact: | A remote attacker might totally compromise your database server. | |
| Nature of Remediation: | Change the configuration. |
| Step required to fix the reported vulnerability: | Solution type: Update Configuration. Change root@host password. Note that this differs from the root@localhost password. |
| References: | BUGTRAQ: 20020818 Weak MySQL Default Configuration on Windows, http://archives.neohapsis.com/archives/bugtraq/2002-08/0185.html; BID: 5503, http://www.securityfocus.com/bid/5503; XF: mysql-default-root-access(9902), http://www.iss.net/security_center/static/9902.php |
| CVE Link: | CVE-2002-1809 |