CVE-2012-5615

Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mariadb:mariadb:5.5.28a:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.5.19:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.2.13:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.1.66:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.3.11:*:*:*:*:*:*:*

Information

Published : 2012-12-03 04:49

Updated : 2023-02-12 20:37


NVD link : CVE-2012-5615

Mitre link : CVE-2012-5615


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

mariadb

  • mariadb

oracle

  • mysql