CVE-2012-2122

NUCLEI LAB

Oracle MySQL 5.1.x < 5.1.63, 5.5.x < 5.5.24, 5.6.x < 5.6.6 - Authentication Bypass via Repeated Failed Authentication

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 6 public exploits for CVE-2012-2122. PoCs published by David Kennedy (ReL1K), cyberharsh, Avinza, including Metasploit module auxiliary/scanner/mysql/mysql_authbypass_hashdump. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit leverages a MySQL authentication bypass vulnerability (CVE-2012-2122) by repeatedly attempting to authenticate as 'root' with an incorrect password. The flaw in MySQL's memcmp implementation allows authentication to succeed after multiple failed attempts.

Description

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.

Exploits (6)

exploitdb WORKING POC VERIFIED
by David Kennedy (ReL1K) · pythonremotemultiple
https://www.exploit-db.com/exploits/19092

This exploit leverages a MySQL authentication bypass vulnerability (CVE-2012-2122) by repeatedly attempting to authenticate as 'root' with an incorrect password. The flaw in MySQL's memcmp implementation allows authentication to succeed after multiple failed attempts.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: MySQL (versions affected by CVE-2012-2122)
No auth needed
Prerequisites: Network access to the MySQL server · MySQL server vulnerable to CVE-2012-2122
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WRITEUP 1 stars
by cyberharsh · poc
https://github.com/cyberharsh/Oracle-mysql-CVE-2012-2122

This repository provides a writeup and environment setup for CVE-2012-2122, an authentication bypass vulnerability in MySQL/MariaDB due to incorrect handling of password comparisons. It includes instructions for reproducing the flaw using a brute-force approach.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: MySQL (5.1.63, 5.5.24, 5.6.6), MariaDB (5.1.62, 5.2.12, 5.3.6, 5.5.23)
No auth needed
Prerequisites: MySQL/MariaDB server with vulnerable version · Network access to the target server
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec SCANNER 1 stars
by Avinza · poc
https://github.com/Avinza/CVE-2012-2122-scanner

This is a PHP-based scanner for CVE-2012-2122, which targets MySQL servers with weak authentication. It attempts to connect to MySQL instances using a random password and, if successful, dumps user credentials from the 'mysql.user' table.

Classification
Scanner 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: MySQL (versions affected by CVE-2012-2122)
No auth needed
Prerequisites: Network access to MySQL port (3306) · MySQL server with weak or default credentials
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by netw0rk7 · poc
https://github.com/netw0rk7/CVE-2012-2122-Home-Lab

This repository provides a Docker-based lab environment to demonstrate CVE-2012-2122, a MySQL authentication bypass vulnerability affecting versions 5.5.23 and earlier. It includes an automated flag generation script for training purposes.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: MySQL 5.5.23 and earlier
No auth needed
Prerequisites: Docker environment · MySQL client for exploitation
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by zhangkaibin0921 · poc
https://github.com/zhangkaibin0921/CVE-2012-2122

This Go-based PoC exploits CVE-2012-2122, a MySQL authentication bypass vulnerability, by repeatedly attempting to connect with incorrect credentials. It retrieves user credentials from the 'mysql.user' table upon successful exploitation.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: MySQL (versions affected by CVE-2012-2122)
No auth needed
Prerequisites: Network access to MySQL server · MySQL server vulnerable to CVE-2012-2122
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
by theLightCosine, jcran · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/mysql/mysql_authbypass_hashdump.rb

This Metasploit module exploits CVE-2012-2122, an authentication bypass vulnerability in MySQL/MariaDB, to dump username and password hashes. It uses a brute-force approach to bypass authentication by sending repeated login attempts with random passwords.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: MySQL (5.1.x < 5.1.63, 5.5.x < 5.5.24, 5.6.x < 5.6.6) and MariaDB (5.1.x < 5.1.62, 5.2.x < 5.2.12, 5.3.x < 5.3.6, 5.5.x < 5.5.23)
No auth needed
Prerequisites: Network access to the MySQL/MariaDB server · MySQL/MariaDB server with vulnerable version
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

MySQL - Authentication Bypass
MEDIUMVERIFIEDby pussycat0x
Shodan: product:"MySQL" || product:"mysql"

References (11)

Core 11
Core References
Exploit x_refsource_misc
http://bugs.mysql.com/bug.php?id=64884
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53911
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/19092
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/53372
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201308-06.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1027143
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49417
Patch mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2012/q2/493
Various Sources x_refsource_confirm
http://kb.askmonty.org/en/mariadb-5162-release-notes/

Scores

EPSS 0.9650
EPSS Percentile 99.9%

Lab Environment

COMMUNITY
Community Lab
docker pull vulhub/mysql:5.5.23
+2 more repos

Details

CWE
CWE-287
Status published
Products (49)
mariadb/mariadb 5.1.41
mariadb/mariadb 5.1.42
mariadb/mariadb 5.1.44
mariadb/mariadb 5.1.47
mariadb/mariadb 5.1.49
mariadb/mariadb 5.1.50
mariadb/mariadb 5.1.51
mariadb/mariadb 5.1.53
mariadb/mariadb 5.1.55
mariadb/mariadb 5.1.60
... and 39 more
Published Jun 26, 2012
Tracked Since Feb 18, 2026