National Cyber-Alert System
Vulnerability Summary: CVE-2004-0627
Orirignal release date: 2004-12-06
Source: US-CERT/NIST

Overview

    The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.

Impact

    CVSS Severity: 10 (High)
    Range: remote
    Authentication: access,exception
    Impact Type: sec_prot admin="1" user="1" other="1"

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    MySQL (MySQL AB)

Technical Details

CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0627