Clear Text Password Exposure Vulnerability in MySQL GUI Tools by Oracle
CVE-2010-4177

5.5MEDIUM

Key Information:

Vendor: Mysql-gui-tools
Status: Mysql-gui-tools
Vendor: CVE Published:; 12 November 2019

What is CVE-2010-4177?

MySQL GUI Tools, specifically the mysql-query-browser and mysql-admin components, have a vulnerability that allows user passwords to be exposed in clear text through the listing of running processes. This occurs in versions prior to 5.0r14 for specific builds on openSUSE. Such exposure can lead to unauthorized access to the MySQL server, underscoring the importance of employing secure coding practices and regular updates to mitigate risks associated with clear text password handling.

Affected Version(s)

mysql-gui-tools before 5.0r14+openSUSE-2.3

References

https://security-tracker.debian.org/tracker/CVE-2010-4177

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4177

x_refsource_MISC

https://access.redhat.com/security/cve/cve-2010-4177

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2019
Vulnerability Reserved
Nov 4, 2010

Mysql-gui-tools

What is CVE-2010-4177?

Affected Version(s)

References

CVSS V3.1

Timeline