CVE-2012-2122

NUCLEI LAB

Oracle Mysql - Authentication Bypass

Title source: rule

Description

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.

Exploits (6)

exploitdb WORKING POC VERIFIED

by David Kennedy (ReL1K) · pythonremotemultiple

https://www.exploit-db.com/exploits/19092

View Code ZIP pw:eip

nomisec WRITEUP 1 stars

by cyberharsh · poc

https://github.com/cyberharsh/Oracle-mysql-CVE-2012-2122

View Code ZIP pw:eip

nomisec SCANNER 1 stars

by Avinza · poc

https://github.com/Avinza/CVE-2012-2122-scanner

View Code ZIP pw:eip

nomisec WORKING POC

by netw0rk7 · poc

https://github.com/netw0rk7/CVE-2012-2122-Home-Lab

View Code ZIP pw:eip

nomisec WORKING POC

by zhangkaibin0921 · poc

https://github.com/zhangkaibin0921/CVE-2012-2122

View Code ZIP pw:eip

metasploit WORKING POC

by theLightCosine, jcran · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/mysql/mysql_authbypass_hashdump.rb

View Code ZIP pw:eip

Nuclei Templates (1)

MySQL - Authentication Bypass

MEDIUMVERIFIEDby pussycat0x

Shodan: product:"MySQL" || product:"mysql"

References (11)

Core 11

Core References

Exploit x_refsource_misc

http://bugs.mysql.com/bug.php?id=64884

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/53911

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/19092

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/53372

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-201308-06.xml

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html

Exploit x_refsource_misc

https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1027143

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/49417

Patch mailing-list x_refsource_mlist

http://seclists.org/oss-sec/2012/q2/493

Various Sources x_refsource_confirm

http://kb.askmonty.org/en/mariadb-5162-release-notes/

Scores

EPSS 0.9406

EPSS Percentile 99.9%

Lab Environment

COMMUNITY

Community Lab

docker pull vulhub/mysql:5.5.23

https://github.com/Avinza/CVE-2012-2122-scanner

https://github.com/cyberharsh/Oracle-mysql-CVE-2012-2122

https://github.com/zhangkaibin0921/CVE-2012-2122

+2 more repos

View in Library

Details

CWE

CWE-287

Status published

Products (49)

mariadb/mariadb 5.1.41

mariadb/mariadb 5.1.42

mariadb/mariadb 5.1.44

mariadb/mariadb 5.1.47

mariadb/mariadb 5.1.49

mariadb/mariadb 5.1.50

mariadb/mariadb 5.1.51

mariadb/mariadb 5.1.53

mariadb/mariadb 5.1.55

mariadb/mariadb 5.1.60

... and 39 more

Published Jun 26, 2012

Tracked Since Feb 18, 2026