October 20, 2016

Rapid 7 releases MySQL authentication bypass vulnerability scanning tool

(LiveHacking.Com) – Rapid 7, the people behind Metasploit, have released a free scanning tool which can probe all the MySQL servers on a network and see if any of them are vulnerable to the MySQL authentication bypass vulnerability (CVE-2012-2122). The vulnerability, which was found in June, allows remote attackers to bypass the MySQL authentication by repeatedly authenticating with the same incorrect password.

The problem is that when a user connects to MySQL (or MariaDB), a hash of the password is used and compared with the sent password. But because of a casting bug and the way memcmp() is implemented in some libraries, the token and the expected password are sometimes considered equal even when they are not. The probability of hitting this bug and authenticating without the right password is about 1 in 256.
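The casting flaw described above can be reproduced in isolation. The following is an added example, not MySQL or MariaDB source code: the type and function names are hypothetical, and it assumes a memcmp() that may return any int value, which is then narrowed to a single byte.

```c
#include <stdio.h>

/* Hypothetical one-byte boolean type, standing in for the narrow
   return type involved in the casting bug. */
typedef char bool8_t;

/* Flawed pattern: the int result of a memcmp()-style comparison is
   narrowed to one byte. Nonzero means "tokens differ". Any result
   whose low 8 bits are zero (0x100, 0x200, ...) becomes 0, so two
   different tokens are reported as equal. */
static bool8_t differs_truncated(int cmp_result)
{
    return (bool8_t)cmp_result;
}

/* Corrected pattern: reduce the result to 0 or 1 before narrowing,
   so no nonzero comparison result can be lost. */
static bool8_t differs_fixed(int cmp_result)
{
    return cmp_result != 0;
}

/* Count the nonzero comparison results in [1, max] that a check
   wrongly treats as "equal". */
static int count_false_accepts(int max, bool8_t (*differs)(int))
{
    int accepted = 0;
    for (int r = 1; r <= max; r++)
        if (!differs(r))
            accepted++;
    return accepted;
}

int main(void)
{
    int max = 65536; /* constructed range of possible comparison results */
    printf("truncated check: %d false accepts out of %d\n",
           count_false_accepts(max, differs_truncated), max);
    printf("fixed check:     %d false accepts out of %d\n",
           count_false_accepts(max, differs_fixed), max);
    return 0;
}
```

Over this constructed range the truncated check accepts 256 of 65536 mismatches, which matches the roughly 1 in 256 figure; a memcmp() that only ever returns small values such as -1, 0 or 1 never triggers the truncation.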

The new tool, ScanNow, will tell you if you have this MySQL vulnerability on your systems. It can scan a range of IP addresses and ports and create a report which can be saved for later reference.

Although the tool is free and can scan an unlimited number of IPs, it ONLY checks for the MySQL CVE-2012-2122 vulnerability; it does not check for any other weaknesses.