{"vuid":"VU#184030","idnumber":"184030","name":"MySQL fails to properly evaluate zero-length strings in the check_scramble_323() function","keywords":["MySQL","zero-length","NULL","check_scramble_323() function","authentication bypass","passwd_len"],"overview":"There is a vulnerability in the password authentication mechanism of MySQL which could allow an attacker to bypass authentication by supplying a zero-length string.","clean_desc":"MySQL is an open-source database system available for Microsoft Windows, Linux, and other UNIX-based operating systems. There is a vulnerability in the check_scramble_323() function that could allow an attacker to bypass authentication by supplying a \"passwd_len\" value of NULL. It has been reported that versions 4.1 prior to 4.1.3 and version 5.0 are affected. Note: In order to exploit this vulnerability, an attacker would have to use a modified MySQL client library.","impact":"A remote, unauthenticated attacker with network access to the MySQL server could successfully authenticate without knowledge of the user's password.","resolution":"Upgrade\nAccording to the NGSSoftware Security Advisory, this vulnerability has been fixed in version 4.1.3 (Beta) and version 5.0 (Alpha).\nNote: Users should exercise caution before installing beta or alpha releases.","workarounds":"Restrict access\nBlock or restrict access to the MySQL service (typically 3306/tcp) from untrusted networks such as the Internet.","sysaffected":"","thanks":"This vulnerability was reported by Chris Anley of NGSSoftware","author":"This document was written by Damon Morda.","public":["http://www.nextgenss.com/advisories/mysql-authbypass.txt","http://secunia.com/advisories/12020/","http://www.securitytracker.com/alerts/2004/Jul/1010645.html","http://www.securityfocus.com/bid/10654","http://dev.mysql.com/doc/mysql/en/News-4.1.3.html"],"cveids":["CVE-2004-0627"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-07-07T15:54:01Z","publicdate":"2004-07-01T00:00:00Z","datefirstpublished":"2004-07-12T20:12:40Z","dateupdated":"2004-07-12T20:55:46Z","revision":26,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"5","cam_impact":"12","cam_easeofexploitation":"15","cam_attackeraccessrequired":"17","cam_scorecurrent":"5.7375","cam_scorecurrentwidelyknown":"7.171875","cam_scorecurrentwidelyknownexploited":"12.909375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":5.7375,"vulnote":null}