Date: Wed, 05 Dec 2012 12:26:58 +0530 From: Huzaifa Sidhpurwala <huzaifas@...hat.com> To: oss-security@...ts.openwall.com CC: Kurt Seifried <kseifried@...hat.com>, "Steven M. Christey" <coley@...us.mitre.org> Subject: CVE request: Mysql/Mariadb insecure salt-usage Hi, Noticed another post by kingcope on full-disclosure, which basically boils down to re-use of a salt-value when transmitting passwords over a network. If you could MITM/capture network packets, you could use this weakness to determine the passwords. References: http://seclists.org/fulldisclosure/2012/Dec/58 https://bugzilla.redhat.com/show_bug.cgi?id=883719 Should this a CVE be assigned to this issue? -- Huzaifa Sidhpurwala / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.