[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] mysql password cracking

Subject: Re: [Full-Disclosure] mysql password cracking
From: Anders Langworthy <hades@xxxxxxxxxxxxxxxx>
Date: Fri, 08 Oct 2004 16:05:00 -0500

David Hane wrote:

I'm wondering how dangerous it is to allow a user on a
mysql db to view the grants for another user. Could
they take the encrypted password data and possibly
crack it? If they can, how easy is it?

If a user can read the password data, it should be possible to do a dictionary-type attack against the hashed passwords. John the Ripper has a plugin for MySQL passwords. The difficulty (time) is dependent primarily on the weakness of the passwords used.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] mysql password cracking
  - From: David Hane

Prev by Date: Re: [Full-Disclosure] Hacking into private files, my credit card purchases, personal correspondence or anything that is mine is trespassing and criminal.
Next by Date: RE: [Full-Disclosure] Hacking into private files, my credit card purchases, personal correspondence or anything that is mine is trespassing and criminal.
Previous by thread: [Full-Disclosure] mysql password cracking
Next by thread: Re: [Full-Disclosure] mysql password cracking
Index(es):
- Date
- Thread