Official Home of PHP-Fusion - Discussion Forum: Important: MySQL Vulnerability

Not a member yet?
Click here to register.

Forgotten your password?
Request a new one here.

Navigation

Latest Addons

AD Gallery	64
SyntaxHighlighte...	51
Newsletters v4.03	114
Facebook Like Box	132
Newsletters v4.02	60
Metro	171
Facebook Connect	173
Shoutbox Panel	129
Redactor for PHP...	107
MI Floating Side...	109
Facebook Login/R...	156
Avatar Studio v2.03	180
Relationship Sta...	98
Sexual Orientati...	116
Fisherman	144

Popular Addons

iTheme2	5808
Arise	5808
User Control v1.23	4623
Event Calendar	4053
Photowidget panel	3888
Radio-Theme red2...	3359
Highslide Gallery	3315
CSS/JavaScript D...	3234
Facebook Connect...	2990
Dynamic Menu	2895
Slideshow Lightb...	2727
L-AMANT	2660
Enigma	2637
2Dark	2608
Black	2580

Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site,
or upgrade to a Web browser that does support JavaScript; Firefox, Safari, Opera, Chrome or a version of Internet Explorer newer then version 6.

View Thread

Official Home of PHP-Fusion » PHP-Fusion 7 Support » Security Issues & Announcements

Who is here? 1 guest(s)

Important: MySQL Vulnerability - NOT PHP-FUSION
Craig	#1 Posted on 29-06-2012 13:59
Fusioneer Posts: 3980 Joined: 27/09/2005	Hi Everyone, A security flaw was discovered in MySQL's authentication system. Without going into too much detail, some versions of MySQL will allow a successful login 1 in 256 times regardless of password (the username does seemingly have to be correct). It's within MySQL's authentication system. Most MySQL installations don't allow root access over the network in a default install (and indeed are recommended not to be enabled), so the username part is still providing some protection. For more information on the exploit, please see: http://www.thereg...word_flaw/ https://community...w-in-mysql Regards Fangree_Craig FusionTube Official Site


Richard Ainz	#2 Posted on 29-06-2012 15:23
Super Admin Posts: 1895 Joined: 24/01/2005	I need this verified and an elaboration on concrete implications for PHP-Fusion. Coordinator of the Development of PHP-Fusion 8 Community Moderation Management & Support Team Leader Owner of: www.php-fusion.se \| www.php-fusion.net \| www.php-fusion.us \| www.php-fusion.mobi


Craig	#3 Posted on 29-06-2012 16:09
Fusioneer Posts: 3980 Joined: 27/09/2005	mySQL vulnerabilities up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 · OpenSSL Still vulnerable. http://www.ubuntu...sn-1467-1/ http://www.darkre...ility.html FusionTube Official Site

Jump to Forum:

Similar Threads

Thread	Forum	Replies	Last Post
How does the password encryption on php fusion work?	User Administration	4	17-05-2013 19:40
Upgrade from PHP Fusion 7.00 to 7.02	Upgrading issues	3	17-05-2013 09:12
PHP-Fusion font for new header	Themes Support	4	28-04-2013 04:50
How to insert a video from YouTude for php-fusion	Content Administration	3	27-04-2013 00:10
Probleme beim übertagen von Usern in neue Fusion	Ideas for Modifications and Requests	3	20-04-2013 14:45

Official Home of PHP-Fusion uses cookies. Some may already have been set. Read more about our Cookies here.
Please click the button I Consent Cookies to hide this bar and accept our cookies. If you continue to use the site with no action taken, we'll assume that you consent our cookies anyway.

Arise Theme by Domi 2011	105,808,001 unique visits
	Powered by PHP-Fusion copyright © 2002 - 2013 by Nick Jones. Released as free software without warranties under GNU Affero GPL v3.

National Support Network

General

Information

Extensions

Affiliated Sites

Misc