CVE-2003-1480 - Cryptographic Issues vulnerability in multiple products
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation: An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Exploit-Db
description | MySQL 3.x/4.0.x Weak Password Encryption Vulnerability. CVE-2003-1480. Local exploit for linux platform |
id | EDB-ID:22565 |
last seen | 2016-02-02 |
modified | 2003-05-05 |
published | 2003-05-05 |
reporter | Secret Squirrel |
source | https://www.exploit-db.com/download/22565/ |
title | MySQL 3.x/4.0.x Weak Password Encryption Vulnerability |
Nessus
NASL family | Databases |
NASL id | MYSQL_4_1.NASL |
description | The version of MySQL installed on the remote host is older than 4.1.1. As such, it reportedly uses a weak algorithm to hash the passwords. An attacker who can read the mysql.user table will be able to retrieve the plaintext passwords quickly by brute-force attack. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 17824 |
published | 2012-01-18 |
reporter | This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/17824 |
title | MySQL Weak Hash Algorithm |