Authentication Bypass Vulnerability in puppetlabs-mysql 3.1.0 through 3.6.0

Authentication Bypass Vulnerability in puppetlabs-mysql 3.1.0 through 3.6.0

CVE-2015-7224 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.