CVE-2004-0627

MySQL 4.1.x < 4.1.3 and 5.0 - Unauthenticated Authentication Bypass via Zero-Length Scrambled String

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0627. PoCs published by Eli Kara.

AI-analyzed exploit summary This Perl script exploits CVE-2004-0627, an authentication bypass vulnerability in MySQL, by sending a crafted login packet with a zero-length password. It demonstrates successful authentication by manipulating the MySQL protocol handshake.

Description

The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Eli Kara · perlremotemultiple

https://www.exploit-db.com/exploits/311

View Code ZIP pw:eip

This Perl script exploits CVE-2004-0627, an authentication bypass vulnerability in MySQL, by sending a crafted login packet with a zero-length password. It demonstrates successful authentication by manipulating the MySQL protocol handshake.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: MySQL (versions affected by CVE-2004-0627)

No auth needed

Prerequisites: Network access to MySQL server · MySQL server vulnerable to CVE-2004-0627

MITRE ATT&CK

T1110.001 - Password Guessing

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/184030

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=108904917528205&w=2

Patch, Vendor Advisory mailing-list x_refsource_vulnwatch

http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0001.html

Scores

EPSS 0.6965

EPSS Percentile 99.3%

Details

Status published

Products (1)

mysql/mysql 4.1.0

Published Dec 06, 2004

Tracked Since Feb 18, 2026