Loading...
Thursday, September 20, 2012

Rapid 7 released CVE-2012-2122 MySQL password vulnerability scanner ScanNow

Rapid7 has released a tool to scan an unlimited number of IP addresses for the MySQL Authentication Bypass vulnerability.

Recently, vulnerability listed as CVE-2012-2122 : If one knows a user name to connect (and "root" almostalways exists), he can connect using *any* password by repeatingconnection attempts. ~300 attempts takes only a fraction of second, sobasically account password protection is as good as nonexistent.Any client will do, there's no need for a special libmysqlclient library.

Exploit for this vulnerability was released on Tools Yard before. Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23 are vulnerable to this bug.

At the United Security Summit last week, Rapid7’s HD Moore said that 3 million MySQL servers discovered online, half of them were running without any sort of ACL (Access Control List) on the host, that means1.5 million systems are vulnerable to CVE-2012-2122.

The tool released today will allow IT teams a quick and easy check to determine if their MySQL deployments are vulnerable or not.

The ScanNow tool is free, and can be downloaded here.

Download Free Version Now – Yours To Keep, No Expiration!
System Requirements:
  • OS: Windows XP / Vista / Windows 7 / Server 2003 / Server 2008 (32bit or 64bit)
  • HD Space: 10 MB of disk space
  • RAM: 1GB minimum, 2GB or more recommended
  • Java Version: 1.6 and later

Source -
Thanks to thehackernews

Visit Website -

0 comments:

Post a Comment

 
TOP