Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22
From: Paulino Calderon <paulino () calderonpale com>
Date: Wed, 13 Jun 2012 00:18:50 -0600

On 06/11/2012 02:16 PM, David Fifield wrote:
On Mon, Jun 11, 2012 at 02:45:48AM -0600, Paulino Calderon wrote:
After testing from a remote connection I realized the iteration
counter needed to be way bigger. I also left additional debug
messages that were added when troubleshooting.
Let's commit this script as we've already had some positive reports.

What made you increase to 10000 tries? The chance of failing after 1000
is (255/256)**1000 ≈ 2%. Was that too high a failure rate or was it for
some other reason?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
The script started to fail when using a remote connection but I realized today it was probably my flaky connection dropping the packets =/.

I've signed up with a new ISP, changed the iteration value back to 1,500 and commited it as r28928. I will try to test this against MariaDB and report back/update this.

Cheers.

Attachment: mysql-vuln-cve2012-2122.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]