Nmap Development mailing list archives
Re: MySQL scripts
From: Ron <ron () skullsecurity net>
Date: Fri, 22 Jan 2010 15:27:47 -0600
On 01/22/2010 03:21 PM, David Fifield wrote:
Checking for an empty password is a special case of brute-force guessing. Is MySQL commonly installed with a blank root password. Like, is it installed that way by default or something? If it's not common enough to be worth checking for on its own, I suggest combining it with mysql-brute. Someone checking for blank passwords is also probably going to want to check for other weak passwords.
By default, if you install MySQL from source, it creates four accounts with blank passwords:
root@localhost root@[machine name] [blank]@localhost [blank]@[machine name]Since those are the defaults, in some ways it makes sense to check them specially.
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- MySQL scripts Patrik Karlsson (Jan 18)
- Re: MySQL scripts Fyodor (Jan 19)
- Re: MySQL scripts Patrik Karlsson (Jan 19)
- Re: MySQL scripts Ron (Jan 19)
- Re: MySQL scripts Patrik Karlsson (Jan 19)
- Re: MySQL scripts David Fifield (Jan 22)
- Re: MySQL scripts Ron (Jan 22)
- Re: MySQL scripts David Fifield (Jan 22)
- Re: MySQL scripts Patrik Karlsson (Jan 23)
- Re: MySQL scripts Ron (Jan 23)
- Re: MySQL scripts Patrik Karlsson (Jan 23)
- Re: MySQL scripts David Fifield (Jan 25)
- Re: MySQL scripts Ron (Jan 22)
- Re: MySQL scripts Fyodor (Jan 19)