CVE-2003-1480

MySQL 3.20-4.1.0 - Weak Password Hashing

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1480. PoCs published by Secret Squirrel.

AI-analyzed exploit summary This exploit demonstrates a brute-force attack against MySQL's weak password hashing algorithm (CVE-2003-1480). It reverses the left-shift-based cipher to recover plaintext passwords from hashed values.

Description

MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Secret Squirrel · clocallinux

https://www.exploit-db.com/exploits/22565

View Code ZIP pw:eip

This exploit demonstrates a brute-force attack against MySQL's weak password hashing algorithm (CVE-2003-1480). It reverses the left-shift-based cipher to recover plaintext passwords from hashed values.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: MySQL (versions prior to 4.1)

No auth needed

Prerequisites: access to a MySQL password hash

MITRE ATT&CK

T1110 - Brute Force

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/8753

Exploit x_refsource_misc

http://www.securiteam.com/tools/5WP031FA0U.html

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/7500

Scores

EPSS 0.0267

EPSS Percentile 83.8%

Details

CWE

CWE-310

Status published

Products (49)

mysql/mysql 4.1.0

oracle/mysql 3.20

oracle/mysql 3.20.32a

oracle/mysql 3.21

oracle/mysql 3.22

oracle/mysql 3.22.26

oracle/mysql 3.22.27

oracle/mysql 3.22.28

oracle/mysql 3.22.29

oracle/mysql 3.22.30

... and 39 more

Published Dec 31, 2003

Tracked Since Feb 18, 2026