CVE-2012-5615

Medium CVSS 5.0

Overview

Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.

CWE: CWE-200 Published: 2012-12-03T12:49:43.830

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 5.0 (MEDIUM)
Detected tags: none (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags