MySQL AB ODBC Driver Plain Text Credentials Disclosure Vulnerability

vendor:

ODBC Driver

by:

SecurityFocus

7.5

CVSS

HIGH

Plain Text Credentials Disclosure

522

CWE

Product Name: ODBC Driver

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

MySQL AB ODBC Driver Plain Text Credentials Disclosure Vulnerability

A vulnerability has been reported in the MySQL AB ODBC (Open Data Base Connectivity) driver implementation. The MySQL ODBC driver reportedly stores plain text credentials used to connect to the specified database in the system registry. These credentials may be disclosed and used to connect to the target database. Other ODBC drivers may also be prone to the same issue, though this is not confirmed.

Mitigation:

Ensure that the system registry is secure and that only authorized personnel have access to it. Additionally, use strong passwords and encryption to protect the credentials stored in the system registry.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8245/info

A vulnerability has been reported in the MySQL AB ODBC (Open Data Base Connectivity) driver implementation. The MySQL ODBC driver reportedly stores plain text credentials used to connect to the specified database in the system registry.

These credentials may be disclosed and used to connect to the target database.

Other ODBC drivers may also be prone to the same issue, though this is not confirmed.

[HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI\TESTDSN]
"Driver"="C:\\WINDOWS\\System32\\myodbc3.dll"
"Description"="MySQL ODBC 3.51 Driver DSN"
"Database"="test"
"Server"="192.168.0.1"
"User"="user_name"
"Password"="plain_password"
"Port"="3306"
"Option"="3"
"Stmt"=""