oss-sec mailing list archives
Re: CVE request: Mysql/Mariadb insecure salt-usage
From: Sergei Golubchik <serg () askmonty org>
Date: Wed, 5 Dec 2012 13:43:46 +0100
Hi, Huzaifa!

On Dec 05, Huzaifa Sidhpurwala wrote:
> Noticed another post by kingcope on full-disclosure, which basically
> boils down to re-use of a salt-value when transmitting passwords over
> a network. If you could MITM/capture network packets, you could use
> this weakness to determine the passwords.
>
> References:
> http://seclists.org/fulldisclosure/2012/Dec/58
> https://bugzilla.redhat.com/show_bug.cgi?id=883719
>
> Should a CVE be assigned to this issue?

https://mariadb.atlassian.net/browse/MDEV-3915

Regards,
Sergei