Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » MySQL bug can strip SSL protection from connections

MySQL bug can strip SSL protection from connections

2015/04/30

Threatpost - (International) Researchers at Duo Security identified a serious vulnerability in how versions of Oracle's MySQL database product handle requests for secure connections, in which an attacker could use a man-in-the-middle (MitM) attack to unencrypted connection and intercept unencrypted queries from the database. In this scenario, the attack could occur regardless of whether or not the server is toggled to require secure socket layer (SSL).

Source: https://threatpost.com/mysql-bug-can-strip-ssl-protection-from-connections/112513

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:24:13