CVE request: Mysql/Mariadb insecure salt-usage

[Huzaifa Sidhpurwala <huzaifas () redhat com>]

Hi,

Noticed another post by kingcope on full-disclosure, which basically
boils down to re-use of a salt-value when transmitting passwords
over a network.

If you could MITM/capture network packets, you could use this
weakness to determine the passwords.

References:
http://seclists.org/fulldisclosure/2012/Dec/58
https://bugzilla.redhat.com/show_bug.cgi?id=883719

Should this a CVE be assigned to this issue?


-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team