Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: mysql password cracking
From: "Willem Koenings" <isec () europe com>
Date: Sat, 09 Oct 2004 09:44:55 -0500


I'm wondering how dangerous it is to allow a user on a 
mysql db to view the grants for another user. Could 
they take the encrypted password data and possibly 
crack it? If they can, how easy is it? 

on certain condition it's quite easy, if you have
a hash:

test.exe 57510426775c5b0f
Hash: 57510426775c5b0f
Trying length 3
Trying length 4
Trying length 5
Found pass: guest

some reading for you:


all the best,

Sign-up for Ads Free at Mail.com

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]