Error in MySQL and MariaDB allows login with wrong passwords.

An error has been found in the two databases MySQL and MariaDB that makes it possible to log in to the database without knowing the correct password.

The error is caused by improper use of the memcmp() function. When a password is checked, two hash values are compared by calling memcmp(), and the result is subsequently cast to a byte value. Converting from a larger data type to a single byte carries a 1/256 risk that the result will be interpreted as a correct password, even though memcmp() had indicated that it was wrong.
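The truncation described above, next to a check that avoids it, as an added C example (not MySQL's or MariaDB's source code). The names `byte_bool`, `mismatch_truncated`, `mismatch_fixed`, `count_false_accepts` and `hashes_differ` are hypothetical, and the compare results and hash bytes are constructed values, since the C standard only guarantees the sign of memcmp()'s return value.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical one-byte boolean standing in for the "byte value" the page mentions. */
typedef unsigned char byte_bool;

/* Flawed pattern: the int compare result is narrowed to one byte, so any
 * nonzero multiple of 256 (0x100, 0x200, ...) turns into 0, i.e. "match". */
static byte_bool mismatch_truncated(int cmp_result) {
    return (byte_bool)cmp_result;
}

/* Hardened pattern: reduce to 0 or 1 while the value is still an int. */
static byte_bool mismatch_fixed(int cmp_result) {
    return cmp_result != 0;
}

/* Count nonzero compare results in [lo, hi] that the flawed check accepts. */
static int count_false_accepts(int lo, int hi) {
    int n = 0;
    for (int r = lo; r <= hi; r++)
        if (r != 0 && mismatch_truncated(r) == 0)
            n++;
    return n;
}

/* The hardened check applied to real buffers (constructed sample hashes). */
static byte_bool hashes_differ(const unsigned char *a, const unsigned char *b, size_t len) {
    return mismatch_fixed(memcmp(a, b, len));
}

int main(void) {
    const unsigned char stored[4]   = {0xde, 0xad, 0xbe, 0xef}; /* constructed */
    const unsigned char supplied[4] = {0xde, 0xad, 0xbe, 0xee}; /* constructed */
    int constructed = 0x200; /* nonzero result whose low byte is 0 */

    printf("truncated(0x200) = %d (0 means accepted)\n", mismatch_truncated(constructed));
    printf("fixed(0x200)     = %d\n", mismatch_fixed(constructed));
    printf("false accepts in [-32768, 32767]: %d\n", count_false_accepts(-32768, 32767));
    printf("hashes_differ    = %d\n", hashes_differ(stored, supplied, sizeof stored));
    return 0;
}
```

Of the 65,535 nonzero results in the swept range, the 255 whose low byte is zero are accepted by the truncating check, which is where the roughly 1/256 figure comes from.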
