Full Disclosure mailing list archives

Re: mysql password cracking

From: "Willem Koenings" <isec () europe com>
Date: Sat, 09 Oct 2004 09:44:55 -0500

hi,

I'm wondering how dangerous it is to allow a user on a 
mysql db to view the grants for another user. Could 
they take the encrypted password data and possibly 
crack it? If they can, how easy is it?


on certain condition it's quite easy, if you have
a hash:

test.exe 57510426775c5b0f
Hash: 57510426775c5b0f
Trying length 3
Trying length 4
Trying length 5
Found pass: guest


some reading for you:

http://www.ngssoftware.com/papers/HackproofingMySQL.pdf

all the best,

W.
-- 
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

mysql password cracking David Hane (Oct 08)
- Re: mysql password cracking Anders Langworthy (Oct 08)
- Re: mysql password cracking ppatters (Oct 09)
- <Possible follow-ups>
- Re: mysql password cracking Willem Koenings (Oct 09)
  - Re: mysql password cracking Chris Anley (Oct 11)