Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2012-12-03 04:49
Updated : 2023-02-12 20:37
NVD link : CVE-2012-5615
Mitre link : CVE-2012-5615
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
mariadb
- mariadb
oracle
- mysql