Shulou(Shulou.com)05/31 Report--

This article mainly shows you "MySQL exposed man-in-the-middle attack on Riddle loopholes can lead to user name and password disclosure", the content is easy to understand, clear, hope to help you solve doubts, the following let the editor lead you to study and learn "MySQL exposure man-in-the-middle attack on Riddle vulnerabilities can lead to user name and password disclosure how to do" this article.

Riddle vulnerabilities for MySQL versions 5.5 and 5.6 can disclose username and password information through man-in-the-middle attacks. Please update to version 5.7 as soon as possible.

Riddle vulnerabilities exist in DBMS Oracle MySQL, which can be exploited by attackers to steal usernames and passwords.

"Riddle is a high-risk security vulnerability found in Oracle MySQL 5.5,5.6 client databases. Allows attackers to use Riddle vulnerabilities in the middleman location to break the SSL configuration connection between the MySQL client and server." The vulnerability description reads. "this vulnerability is a very dangerous vulnerability because, first of all, it affects MySQL-the very popular SQL database-and secondly, it affects SSL connections, and according to SSL, it is supposed to be secure."

The Riddle vulnerability is numbered CVE-2017-3305 and can be captured by attackers when MySQL 5.5 and 5.6 send data to the server, including usernames and passwords.

The security updates for versions 5.5.49 and 5.6.30 did not fully fix the vulnerability. Experts noted that after version 5. 7 and the MariaDB system was not affected by the vulnerability.

Security researcher Pali Roh á r said the reason for the Riddle vulnerability is that the BACKRONYM vulnerability that previously existed in the MySQL database has not been fixed. Backronym vulnerabilities can be used to disclose passwords during man-in-the-middle attacks, even if traffic is encrypted.

"Security updates for stable versions of MySQL 5.5.49 and 5.6.30 add validation of security parameters after the authentication process is completed."because the action is made after the authentication is completed, using Riddle for intermediate attacks in conjunction with SSL degradation allows attackers to steal login data for authentication and log in to the MySQL server," Roh á r wrote.

"interestingly, when the MySQL server refuses to authenticate the user, the MySQL client does not report any SSL-related errors, but instead reports unencrypted error messages sent by the server. These error messages are controlled by man-in-the-middle attackers."

Experts recommend updating the client software to MySQL 5.7or MariaDB because the security updates for these applications work properly.

PoC

The author gives a PoC script written in Perl. It will open the riddle,MySQL server on local port 3307 and run on localhost:3306.

Run riddle on the man-in-the-middle server:

$perl riddle.pl

Connect the MySQL client to the riddle:

$mysql-- ssl-mode=REQUIRED-h 127.0.0.1-P 3307-u user-p password

If you provide the correct username and password, riddle will connect to the server, execute the SQL statement and output:

SELECT COUNT (*) FROM information_schema.TABLES-- > 121

The MySQL client receives an error message sent by riddle:

ERROR 1045 (28000): Access denied: MITM attack

Oracle does not fix vulnerabilities in time.

The Riddle vulnerability was discovered in February, but it can still affect Oracle MySql software.

"if you are not an Oracle customer, it is useless to report vulnerabilities to them (even security-related vulnerabilities). They can completely ignore any report, and if no one knows, they will be happy, so there is no need to fix the vulnerability," Roh á r explained.

The above is all the contents of the article "what to do if MySQL reveals that a man in the middle can leak a user name and password when attacking Riddle vulnerabilities?" Thank you for your reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.