Home page logo

oss-sec logo oss-sec mailing list archives

CVE request: Mysql/Mariadb insecure salt-usage
From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Wed, 05 Dec 2012 12:26:58 +0530


Noticed another post by kingcope on full-disclosure, which basically
boils down to re-use of a salt-value when transmitting passwords
over a network.

If you could MITM/capture network packets, you could use this
weakness to determine the passwords.


Should this a CVE be assigned to this issue?

Huzaifa Sidhpurwala / Red Hat Security Response Team

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]