CVE-2003-1480

MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securiteam.com/tools/5WP031FA0U.html	Exploit
http://www.securityfocus.com/bid/7500	Exploit
http://secunia.com/advisories/8753	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:mysql:3.22:::::::*
	cpe:2.3:a:oracle:mysql:3.22.27:::::::*
	cpe:2.3:a:oracle:mysql:3.23.10:::::::*
	cpe:2.3:a:oracle:mysql:3.23.22:::::::*
	cpe:2.3:a:oracle:mysql:3.23.24:::::::*
	cpe:2.3:a:oracle:mysql:3.23.28:gamma::::::
	cpe:2.3:a:oracle:mysql:3.23.3:::::::*
	cpe:2.3:a:oracle:mysql:3.23.36:::::::*
	cpe:2.3:a:oracle:mysql:3.23.38:::::::*
	cpe:2.3:a:oracle:mysql:3.23.44:::::::*
	cpe:2.3:a:oracle:mysql:3.23.46:::::::*
	cpe:2.3:a:mysql:mysql:4.1.0:::::::*
	cpe:2.3:a:oracle:mysql:3.22.28:::::::*
	cpe:2.3:a:oracle:mysql:3.22.29:::::::*
	cpe:2.3:a:oracle:mysql:3.22.30:::::::*
	cpe:2.3:a:oracle:mysql:3.22.32:::::::*
	cpe:2.3:a:oracle:mysql:3.23.5:::::::*
	cpe:2.3:a:oracle:mysql:3.23.8:::::::*
	cpe:2.3:a:oracle:mysql:3.23.31:::::::*
	cpe:2.3:a:oracle:mysql:3.23.32:::::::*
	cpe:2.3:a:oracle:mysql:3.23.33:::::::*
	cpe:2.3:a:oracle:mysql:3.23.34:::::::*
	cpe:2.3:a:oracle:mysql:3.23.47:::::::*
	cpe:2.3:a:oracle:mysql:3.23.48:::::::*
	cpe:2.3:a:oracle:mysql:3.23.49:::::::*
	cpe:2.3:a:oracle:mysql:3.23.50:::::::*
	cpe:2.3:a:oracle:mysql:3.23.52:::::::*
	cpe:2.3:a:oracle:mysql:4.0.0:::::::*
	cpe:2.3:a:oracle:mysql:4.0.1:::::::*
	cpe:2.3:a:oracle:mysql:4.0.2:::::::*
	cpe:2.3:a:oracle:mysql:4.0.3:::::::*
	cpe:2.3:a:oracle:mysql:4.0.8:gamma::::::
	cpe:2.3:a:oracle:mysql:4.0.11:gamma::::::
	cpe:2.3:a:oracle:mysql:3.20:::::::*
	cpe:2.3:a:oracle:mysql:3.20.32a:::::::*
	cpe:2.3:a:oracle:mysql:3.21:::::::*
	cpe:2.3:a:oracle:mysql:3.22.26:::::::*
	cpe:2.3:a:oracle:mysql:3.23.2:::::::*
	cpe:2.3:a:oracle:mysql:3.23.4:::::::*
	cpe:2.3:a:oracle:mysql:3.23.9:::::::*
	cpe:2.3:a:oracle:mysql:3.23.23:::::::*
	cpe:2.3:a:oracle:mysql:3.23.25:::::::*
	cpe:2.3:a:oracle:mysql:3.23.26:::::::*
	cpe:2.3:a:oracle:mysql:3.23.27:::::::*
	cpe:2.3:a:oracle:mysql:3.23.28:::::::*
	cpe:2.3:a:oracle:mysql:3.23.29:::::::*
	cpe:2.3:a:oracle:mysql:3.23.30:::::::*
	cpe:2.3:a:oracle:mysql:3.23.35:::::::*
	cpe:2.3:a:oracle:mysql:3.23.37:::::::*
	cpe:2.3:a:oracle:mysql:3.23.39:::::::*
	cpe:2.3:a:oracle:mysql:3.23.40:::::::*
	cpe:2.3:a:oracle:mysql:3.23.41:::::::*
	cpe:2.3:a:oracle:mysql:3.23.42:::::::*
	cpe:2.3:a:oracle:mysql:3.23.43:::::::*
	cpe:2.3:a:oracle:mysql:3.23.45:::::::*
	cpe:2.3:a:oracle:mysql:3.23.51:::::::*
	cpe:2.3:a:oracle:mysql:3.23.53:::::::*
	cpe:2.3:a:oracle:mysql:3.23.53a:::::::*
	cpe:2.3:a:oracle:mysql:3.23.54:::::::*
	cpe:2.3:a:oracle:mysql:3.23.54a:::::::*
	cpe:2.3:a:oracle:mysql:3.23.55:::::::*
	cpe:2.3:a:oracle:mysql:3.23.56:::::::*
	cpe:2.3:a:oracle:mysql:4.0.5a:::::::*
	cpe:2.3:a:oracle:mysql:4.0.7:gamma::::::
cpe:2.3:a:oracle:mysql:4.0.9:gamma::::::
cpe:2.3:a:oracle:mysql:4.1.0:alpha::::::

Information

Published : 2003-12-30 21:00

Updated : 2019-12-17 09:11

NVD link : CVE-2003-1480

Mitre link : CVE-2003-1480

JSON object : View

CWE

CWE-310

Cryptographic Issues

Products Affected

oracle

mysql

mysql

mysql

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securiteam.com/tools/5WP031FA0U.html", "name": "http://www.securiteam.com/tools/5WP031FA0U.html", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/7500", "name": "7500", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/8753", "name": "8753", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-310"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-1480", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2003-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.22.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.28:gamma:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.46:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mysql:mysql:4.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.22.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.22.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.22.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.22.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.47:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.48:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.49:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.20.32a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.22.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.43:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.53a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.54a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.55:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:3.23.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-12-17T17:11Z"}

4.3 /10