Full Disclosure mailing list archives
Re: mysql password cracking
From: "Willem Koenings" <isec () europe com>
Date: Sat, 09 Oct 2004 09:44:55 -0500
hi,
I'm wondering how dangerous it is to allow a user on a mysql db to view the grants for another user. Could they take the encrypted password data and possibly crack it? If they can, how easy is it?
on certain condition it's quite easy, if you have a hash: test.exe 57510426775c5b0f Hash: 57510426775c5b0f Trying length 3 Trying length 4 Trying length 5 Found pass: guest some reading for you: http://www.ngssoftware.com/papers/HackproofingMySQL.pdf all the best, W. -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- mysql password cracking David Hane (Oct 08)
- Re: mysql password cracking Anders Langworthy (Oct 08)
- Re: mysql password cracking ppatters (Oct 09)
- <Possible follow-ups>
- Re: mysql password cracking Willem Koenings (Oct 09)
- Re: mysql password cracking Chris Anley (Oct 11)