Vulnerabilities > CVE-2003-1480 - Cryptographic Issues vulnerability in multiple products

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

mysql

oracle

CWE-310

nessus

exploit available

NVD

Published: 2003-12-31

Updated: 2019-12-17

Summary

MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.

Vulnerable Configurations

Part	Description	Count
Application	Mysql Mysql Mysql 4.1.0	1
Application	Oracle Oracle Mysql 3.20 Oracle Mysql 3.20.32A Oracle Mysql 3.21 Oracle Mysql 3.22 Oracle Mysql 3.22.26 Oracle Mysql 3.22.27 Oracle Mysql 3.22.28 Oracle Mysql 3.22.29 Oracle Mysql 3.22.30 Oracle Mysql 3.22.32 Oracle Mysql 3.23.2 Oracle Mysql 3.23.3 Oracle Mysql 3.23.4 Oracle Mysql 3.23.5 Oracle Mysql 3.23.8 Oracle Mysql 3.23.9 Oracle Mysql 3.23.10 Oracle Mysql 3.23.22 Oracle Mysql 3.23.23 Oracle Mysql 3.23.24 Oracle Mysql 3.23.25 Oracle Mysql 3.23.26 Oracle Mysql 3.23.27 Oracle Mysql 3.23.28 Oracle Mysql 3.23.29 Oracle Mysql 3.23.30 Oracle Mysql 3.23.31 Oracle Mysql 3.23.32 Oracle Mysql 3.23.33 Oracle Mysql 3.23.34 Oracle Mysql 3.23.35 Oracle Mysql 3.23.36 Oracle Mysql 3.23.37 Oracle Mysql 3.23.38 Oracle Mysql 3.23.39 Oracle Mysql 3.23.40 Oracle Mysql 3.23.41 Oracle Mysql 3.23.42 Oracle Mysql 3.23.43 Oracle Mysql 3.23.44 Oracle Mysql 3.23.45 Oracle Mysql 3.23.46 Oracle Mysql 3.23.47 Oracle Mysql 3.23.48 Oracle Mysql 3.23.49 Oracle Mysql 3.23.50 Oracle Mysql 3.23.51 Oracle Mysql 3.23.52 Oracle Mysql 3.23.53 Oracle Mysql 3.23.53A Oracle Mysql 3.23.54 Oracle Mysql 3.23.54A Oracle Mysql 3.23.55 Oracle Mysql 3.23.56 Oracle Mysql 4.0.0 Oracle Mysql 4.0.1 Oracle Mysql 4.0.2 Oracle Mysql 4.0.3 Oracle Mysql 4.0.5A Oracle Mysql 4.0.7 Oracle Mysql 4.0.8 Oracle Mysql 4.0.9 Oracle Mysql 4.0.11 Oracle Mysql 4.1.0	65

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Exploit-Db

description	MySQL 3.x/4.0.x Weak Password Encryption Vulnerability. CVE-2003-1480. Local exploit for linux platform
id	EDB-ID:22565
last seen	2016-02-02
modified	2003-05-05
published	2003-05-05
reporter	Secret Squirrel
source	https://www.exploit-db.com/download/22565/
title	MySQL 3.x/4.0.x Weak Password Encryption Vulnerability

Nessus

NASL family	Databases
NASL id	MYSQL_4_1.NASL
description	The version of MySQL installed on the remote host is older than 4.1.1. As such, it reportedly uses a weak algorithm to hash the passwords. A attacker who can read the mysql.user table will be able to retrieve the plaintext passwords quickly by brute-force attack.
last seen	2020-06-01
modified	2020-06-02
plugin id	17824
published	2012-01-18
reporter	This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/17824
title	MySQL Weak Hash Algorithm
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(17824); script_version("1.6"); script_cvs_date("Date: 2018/07/16 14:09:12"); script_bugtraq_id(7500); script_cve_id("CVE-2003-1480"); script_name(english:"MySQL Weak Hash Algorithm"); script_summary(english:"Checks version of MySQL Server"); script_set_attribute(attribute:"synopsis", value: "Passwords could be brute-forced on the remote database server."); script_set_attribute(attribute:"description", value: "The version of MySQL installed on the remote host is older than 4.1.1. As such, it reportedly uses a weak algorithm to hash the passwords. A attacker who can read the mysql.user table will be able to retrieve the plaintext passwords quickly by brute-force attack."); script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/refman/5.0/en/application-password-use.html"); script_set_attribute(attribute:"solution", value:"Upgrade to MySQL version 4.1.1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(310); script_set_attribute(attribute:"vuln_publication_date", value:"2003/05/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/18"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:mysql"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mysql_version.nasl", "mysql_login.nasl"); script_require_keys("Settings/ParanoidReport"); script_require_ports("Services/mysql", 3306); exit(0); } include("mysql_version.inc"); mysql_check_version(fixed:'4.1.1', severity:SECURITY_WARNING);

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit-Db

Nessus

References