CVE-2012-5615 (retired)

Priority
Description
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a,
5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different
error messages with different time delays depending on whether a user name
exists, which allows remote attackers to enumerate valid usernames.
Package
Upstream:released (5.5.29)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (5.5.39)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Patches:
Upstream:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/4676
Package
Upstream:released (5.6.20)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (5.6.23-1~exp1~ubuntu4)
Package
Upstream:needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):DNE
More Information

Updated: 2019-09-19 15:42:31 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)