Computersnyou

scan mysql root authentication vulnerability CVE-2012-2122 with free scanner

Posted on  9/20/2012
Few months ago critical and amazing vulnerability was discovered in mysql , you can see in detail here : by HD Moore ( founder of metasploit project ) , andCVE reference : http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2122
mysql bug post : http://bugs.mysql.com/bug.php?id=64884

<div class="separator" style="clear: both; text-align: center;">
  <img alt="" src="http://3.bp.blogspot.com/-ICdvjs_pznw/UFtBkYONwxI/AAAAAAAAHYY/_NKZdbzNhdU/s1600/scan-now-CVE-2012-2122-MySQL-authentication-bypass-vulnerability-scanner.jpeg" border="0" />
</div>

<p>
  <a name="more"></a>
</p>

<blockquote class="twitter-tweet tw-align-center">
  <p>
    RT @<a href="https://twitter.com/chris_kirsch">chris_kirsch</a>: New: Free Scanner for MySQL Authentication Bypass CVE-2012-2122 <a title="http://lnkd.in/ZMMABf" href="http://t.co/i6AUCewH">lnkd.in/ZMMABf</a> <a href="https://twitter.com/search/%23ScanNow">#ScanNow</a> <a href="https://twitter.com/search/%23Rapid7">#Rapid7</a><br /> — Rapid7 (@rapid7) <a href="https://twitter.com/rapid7/status/248799030040227840" data-datetime="2012-09-20T15:01:25+00:00">September 20, 2012</a>
  </p>
</blockquote>

<p>
  Today rapid7 team released a tool to scan possible vulnerabilities in your network , that tool is free of cost and work on windows you can more detail and download link for tool in <a href="https://community.rapid7.com/community/infosec/blog/2012/09/20/cve-2012-2122-mysql-password-vulnerability-scanner-scannow" target="_blank">blog post </a>.<br /> if you already use metasploit framework or metasploit pro then you can use an auxiliary module to search in network for this vulnerability
</p>

<pre class="codesBash">msf &gt; use auxiliary/scanner/mysql/mysql_authbypass_hashdump</pre>

use this tool to check and update mysql version is best way to prevent any attack


  • Home
  • About