Rapid7 Tool Checks for MySQL Auth Bypass Vulnerability
Rapid7 has released a tool to scan an unlimited number of IP addresses for the MySQL Authentication Bypass vulnerability. It's simple to use, completely free, and scans unlimited IPs for this vulnerability!
The vulnerability was recently listed as CVE-2012-2122. It allows an attacker to bypass authentication in MySQL with a 1 in 256 chance of succeeding per login attempt.
An exploit for this vulnerability was previously released on Tools Yard. Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23 are vulnerable to this bug.
According to HD Moore, “1.5 million allowed authentication, but a much smaller portion were found vulnerable to this flaw. Of the ~35k Ubuntu servers found, only about ~8000 were likely to be exploitable.”
The tool released today gives IT teams a quick and easy way to check whether their MySQL deployments are vulnerable.
The ScanNow tool is free, and can be downloaded here.
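For teams that already hold an inventory of server version strings, the affected ranges listed above can be applied offline. The following is an added example, not Rapid7's ScanNow tool or code from the original post; the host names and version strings are constructed, and identifying MariaDB by the "MariaDB" substring in the version string is an assumption. A version inside the range marks a patch priority rather than confirmed exploitability, in line with the Moore figures quoted above.

```python
import re

# First fixed patch level per branch, from the affected-version list in the post.
FIXED = {
    "mysql":   {(5, 1): 63, (5, 5): 24, (5, 6): 6},
    "mariadb": {(5, 1): 62, (5, 2): 12, (5, 3): 6, (5, 5): 23},
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")

# Constructed sample inventory (host names and versions are illustrative).
INVENTORY = {
    "db-01": "5.5.22-0ubuntu1",
    "db-02": "5.5.24-log",
    "db-03": "5.1.61-MariaDB",
    "db-04": "5.5.23-MariaDB-log",
    "db-05": "5.6.5-m8",
    "db-06": "5.0.95",
}


def classify(version_string):
    """Return (product, status) for a server version string.

    status is 'affected-range', 'fixed', 'branch-not-listed' or 'unparseable'.
    """
    m = VERSION_RE.match(version_string.strip())
    if not m:
        return ("unknown", "unparseable")
    major, minor, patch = (int(g) for g in m.groups())
    # Assumption: MariaDB builds carry "MariaDB" in the version string.
    product = "mariadb" if "mariadb" in version_string.lower() else "mysql"
    fixed_patch = FIXED[product].get((major, minor))
    if fixed_patch is None:
        # Branch is not in the post's list; make no claim either way.
        return (product, "branch-not-listed")
    return (product, "affected-range" if patch < fixed_patch else "fixed")


def hosts_to_patch(inventory):
    """Hosts whose version falls inside a listed affected range, sorted by name."""
    return sorted(h for h, v in inventory.items()
                  if classify(v)[1] == "affected-range")


if __name__ == "__main__":
    for host, version in sorted(INVENTORY.items()):
        print(host, version, *classify(version))
```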
Posted by Mohit Kumar at Thursday, September 20, 2012