Vulnerability Report

CVE-2002-1374

Title: MySQL COM_CHANGE_USER one-character password brute-force

Brute-force facilitation

Proof Of Concept

PoC Available for CVE-2002-1374

CWE Category NVD-CWE-noinfo
Published Date Dec 23, 2002
Modified Date Apr 03, 2025
Exploit Status Available
Score 7.5 CVSS v2.0
Exploit Probability (EPSS)
25.36%

Vulnerability Summary

CVE-2002-1374: The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.

Impacted Vendors

O
oracle 1
S
symantec_veritas 2
M
mysql 1
M
mysqljs 1

Reference Links

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555 http://marc.info/?l=bugtraq&m=103971644013961&w=2 http://marc.info/?l=bugtraq&m=104004857201968&w=2 http://marc.info/?l=bugtraq&m=104005886114500&w=2 http://security.e-matters.de/advisories/042002.html http://www.debian.org/security/2002/dsa-212 http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:087 http://www.novell.com/linux/security/advisories/2003_003_mysql.html http://www.redhat.com/support/errata/RHSA-2002-288.html http://www.redhat.com/support/errata/RHSA-2002-289.html http://www.redhat.com/support/errata/RHSA-2003-166.html http://www.securityfocus.com/advisories/5269 http://www.securityfocus.com/bid/6373 http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/10847 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555 http://marc.info/?l=bugtraq&m=103971644013961&w=2 http://marc.info/?l=bugtraq&m=104004857201968&w=2 http://marc.info/?l=bugtraq&m=104005886114500&w=2 http://security.e-matters.de/advisories/042002.html http://www.debian.org/security/2002/dsa-212 http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:087 http://www.novell.com/linux/security/advisories/2003_003_mysql.html http://www.redhat.com/support/errata/RHSA-2002-288.html http://www.redhat.com/support/errata/RHSA-2002-289.html http://www.redhat.com/support/errata/RHSA-2003-166.html http://www.securityfocus.com/advisories/5269 http://www.securityfocus.com/bid/6373 http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/10847
CVSS v2.0
Source Entity [email protected]
Severity HIGH
7.5
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:L/Au:N/C:P/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2002-1374 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/22084
View Code
MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected Stack

No specific products linked.