MySQL password exploit

I don't think this security flaw has already been mentioned here..

Recently the info about the MySQL password exploit appeared over the Internet, which means hackers are already using it.

Due to the vulnerability in MySQL's password handling it is possible to cause MySQL to change a user's current access restrictions to that of the "root" user in MySQL, without needing password.

Also via this exploit the encryption method of the MySQL can be accessed and the hacker will be able do decrypt user passwords(that in most cases is the same for their mailboxes, accounts, etc.)

It affects MySQL versions prior to 3.23.54

We strongly recommend everyone to upgrade MySQL to the latest stable version.

 

 

 

 

Top