MySQL Databases Let Loose User Passwords -- Redmondmag.com

MySQL Databases Let Loose User Passwords

By Chris Paoli
06/13/2012

In this edition's "Password Breach of the Week" story, news recently surfaced that an attacker could gain access to MySQL databases thanks to a flaw that will verify an incorrect password as correct.

While the flaw isn't found in all systems (and those running MySQL and its brother MariaDB databases on Windows are safe), this open door could give hackers access to all your info stored using the SQL language.

According to folks in the MariaDB camp, this flaw has the probability of popping up once in every 256 attempts. While those aren't the type of odds you would lay money down on in Vegas, know that an attacker could easily submit a password hundreds of times in a second. That's as close to a sure thing you're going to get in the world of cyber crime.

As with most security vulnerabilities, this bug can be easily avoided with patching your software to the latest version.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.