User Enumeration Vulnerability in Oracle MySQL and MariaDB

User Enumeration Vulnerability in Oracle MySQL and MariaDB

CVE-2012-5615 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.

Learn more about our Cis Benchmark Audit For Mariadb.