User Enumeration Vulnerability in Oracle MySQL and MariaDB
CVE-2012-5615

Currently unrated

Key Information:

Vendor

Mariadb

Status
Mariadb
Mysql
Vendor
CVE Published:
3 December 2012

What is CVE-2012-5615?

The vulnerability in Oracle MySQL and MariaDB facilitates user enumeration through differential error messages. When a user submits a request with a username, the system generates specific error messages along with varying time delays, indicating whether the username exists. This behavior can be exploited by remote attackers to systematically determine valid usernames, posing a significant risk to database security and potentially enabling further attacks.

References

http://www.mandriva.com/security/advisories?name=MDVSA-20...
vendor-advisoryx_refsource_MANDRIVA
http://secunia.com/advisories/53372
third-party-advisoryx_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2012/12/02/3
mailing-listx_refsource_MLIST

EPSS Score

19% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.