H Security – (International) Simple authentication bypass for MySQL root revealed. Exploits for a recently revealed MySQL authentication bypass flaw are now in the wild, partly because the flaw is simple to exploit to gain root access to the database, experts said. The only mitigating factor appears to be that it depends on the C library with which the MySQL database was built. The bypass, assigned the vulnerability ID CVE-2012-2122, allows an attacker to gain root access by repeatedly trying to login with an incorrect password. Each attempt has a 1 in 256 chance of being given access.
Ali Loney, on June 11, 2012