Security flaw in MySQL, MariaDB allows access with any password—just keep submitting it


    When the latest release of MariaDB was announced in April by MontyProgram AB founder and MySQL creator Michael “Monty” Widenius, it came with a warning from Widenius that a severe security bug had been discovered in previous versions of both MariaDB and MySQL. Oracle subsequently released a patch for MySQL. Now the details of the flaw, and the extent of the vulnerability, have been revealed: it could allow anyone who knows a valid user account on the database to connect using any password with a brute-force attack.

    The affected versions of both databases have a flaw in their authentication system caused by a variation in how the memcmp() function—which compares two values stored in memory to see if they are equal—is implemented in some Linux compilers. When a user connects to the database and submits a password, the authentication system of the databases creates a token from the submitted password using a Secure Hash Algorithm and a randomly generated string of text as the key. The resulting token is compared to a hash made from the stored password in the system using the memcmp function, which returns a value of zero if they’re the same; if they’re not, the function is supposed to return a positive or negative integer. A return of “0” would mean the password is correct.

    But in the affected versions of MariaDB and MySQL, as MontyProgram’s Sergei Golubchik wrote in a list posting on June 9, the database can be fooled into accepting a password even if it doesn’t match. “Because of incorrect [type] casting [in the code],” he wrote, “it might’ve happened that the token and the expected value were considered equal, even if the memcmp() returned a non-zero value. In this case, MySQL/MariaDB would think that the password is correct even while it is not.”

    Read more | Comments

    See original article:
    Security flaw in MySQL, MariaDB allows access with any password—just keep submitting it


    Please enter your comment!
    Please enter your name here


    This site uses Akismet to reduce spam. Learn how your comment data is processed.