CVE-2004-0627

MySQL <4.1.3, 5.0 - Auth Bypass

Title source: llm

Description

The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Eli Kara · perlremotemultiple

https://www.exploit-db.com/exploits/311

View Code ZIP pw:eip

References (3)

[Patch, Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/184030

[Mailing List] http://marc.info/?l=bugtraq&m=108904917528205&w=2

[Patch, Vendor Advisory] http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0001.html

Scores

EPSS 0.5192

EPSS Percentile 97.9%

Details

Status published

Products (1)

mysql/mysql 4.1.0

Published Dec 06, 2004

Tracked Since Feb 18, 2026