An attack on MySQL's login protocol

Ariel Waissbein (CoreLabs; Carlos Sarraute; Core Security Technologies); Emiliano Kargieman; Gerardo Richarte; Ivan Arce

arxiv: 1006.2411 · v1 · submitted 2010-06-11 · 💻 cs.CR

An attack on MySQL's login protocol

Ivan Arce , Emiliano Kargieman , Gerardo Richarte , Carlos Sarraute , Ariel Waissbein (CoreLabs , Core Security Technologies) This is my paper

classification 💻 cs.CR

keywords protocolattackmysqlalgorithmauthenticationchallenge-and-responsecommenteavesdropper

0 comments

read the original abstract

The MySQL challenge-and-response authentication protocol is proved insecure. We show how can an eavesdropper impersonate a valid user after witnessing only a few executions of this protocol. The algorithm of the underlying attack is presented. Finally we comment about implementations and statistical results.

This paper has not been read by Pith yet.

An attack on MySQL's login protocol

discussion (0)