Clear Text Password Exposure Vulnerability in MySQL GUI Tools by Oracle
CVE-2010-4177

5.5MEDIUM

Key Information:

Vendor

Mysql-gui-tools

Status
Mysql-gui-tools
Vendor
CVE Published:
12 November 2019

What is CVE-2010-4177?

MySQL GUI Tools, specifically the mysql-query-browser and mysql-admin components, have a vulnerability that allows user passwords to be exposed in clear text through the listing of running processes. This occurs in versions prior to 5.0r14 for specific builds on openSUSE. Such exposure can lead to unauthorized access to the MySQL server, underscoring the importance of employing secure coding practices and regular updates to mitigate risks associated with clear text password handling.

Affected Version(s)

mysql-gui-tools before 5.0r14+openSUSE-2.3

References

https://security-tracker.debian.org/tracker/CVE-2010-4177
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4177
x_refsource_MISC
https://access.redhat.com/security/cve/cve-2010-4177
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.