On April 15, 2017, it was disclosed that the Oracle MySQL database had a vulnerability nicknamed Riddle. Attackers can exploit it to mount man-in-the-middle attacks that steal user names and passwords.
See the following for more information about the vulnerability.
MySQL man-in-the-middle Riddle vulnerability
The Riddle man-in-the-middle vulnerability is a high-severity security vulnerability found in the Oracle MySQL 5.5 and 5.6 clients. It allows an attacker positioned between the two ends of the connection to use Riddle to break the SSL connection between a MySQL client and server.
Conditions and method of exploitation
Publicly available tools can be used to mount the man-in-the-middle attack remotely.
- Affected versions: MySQL 5.5 and 5.6
- Unaffected versions: MySQL 5.7 and later versions, MariaDB
Check whether an affected version of MySQL is in use:
mysql> select version();
+-----------+
| version() |
+-----------+
| 5.1.69    |   -- Affected
+-----------+
1 row in set (0.12 sec)
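The check above is a manual one. The following script is an added example, not part of the original advisory, that parses the table printed by the mysql command-line client for `select version()` and classifies the reported version using the affected/unaffected lists given on this page (5.5 and 5.6 affected; 5.7 and later and MariaDB unaffected). Versions older than 5.5 are treated as affected as well, which is an assumption taken from the page's own example output flagging 5.1.69; the SAMPLE_OUTPUT string is constructed to mirror that output.

```python
import re
from typing import NamedTuple

# Affected versions as stated on the page: MySQL 5.5 and 5.6.
AFFECTED_MAJOR_MINOR = {(5, 5), (5, 6)}


class VersionVerdict(NamedTuple):
    version: str
    flavor: str      # "mysql" or "mariadb"
    affected: bool
    reason: str


def classify_version(version_string: str) -> VersionVerdict:
    """Classify the raw string returned by `SELECT VERSION()`.

    Examples of real-world strings: "5.6.35", "5.7.20-log", "10.1.26-MariaDB".
    """
    s = version_string.strip()
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", s)
    if not m:
        raise ValueError(f"unrecognised version string: {version_string!r}")
    major, minor, _patch = (int(x) for x in m.groups())

    # MariaDB reports its own major version (10.x) with a "-MariaDB" suffix;
    # the page lists MariaDB as unaffected, so check that before anything else.
    if "mariadb" in s.lower():
        return VersionVerdict(s, "mariadb", False, "MariaDB is not affected")
    if (major, minor) in AFFECTED_MAJOR_MINOR:
        return VersionVerdict(s, "mysql", True,
                              f"MySQL {major}.{minor} is listed as affected")
    if (major, minor) < (5, 5):
        # Assumption: releases older than 5.5 predate the fix; the page's own
        # example flags 5.1.69 as affected.
        return VersionVerdict(s, "mysql", True,
                              "older than MySQL 5.5 (treated as affected)")
    return VersionVerdict(s, "mysql", False,
                          "MySQL 5.7 or later is not affected")


def parse_mysql_output(output: str) -> str:
    """Pull the version cell out of the table the mysql CLI prints."""
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("|") or "version()" in line:
            continue            # skip the header row and the +---+ borders
        cell = line.strip("|").strip()
        if re.match(r"\d+\.\d+\.\d+", cell):
            return cell
    raise ValueError("no version row found in mysql output")


def check_output(output: str) -> VersionVerdict:
    """Convenience wrapper: CLI table in, verdict out."""
    return classify_version(parse_mysql_output(output))


# Constructed sample, mirroring the output shown in the advisory.
SAMPLE_OUTPUT = """\
+-----------+
| version() |
+-----------+
| 5.1.69    |
+-----------+
1 row in set (0.12 sec)
"""

if __name__ == "__main__":
    import sys
    # Pipe in real output:  mysql -e "select version()" | python3 riddle_check.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_OUTPUT
    verdict = check_output(data)
    status = "AFFECTED" if verdict.affected else "not affected"
    print(f"{verdict.version}: {status} ({verdict.reason})")
```

Feed it the output of `mysql -e "select version()"` from each server you manage; anything reported as AFFECTED should be on the upgrade list from the next section.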
How to fix or mitigate
Upgrade MySQL to MySQL 5.7 or MariaDB.
Use the security group's public-network inbound rules, or the MySQL authorization feature (user accounts bound to a specific host), to restrict which source IP addresses may remotely log in to port 3306.