How to deal with the MySQL Riddle vulnerability: password leakage through man-in-the-middle attacks
The Riddle vulnerability in MySQL 5.5 and 5.6 exposes usernames and passwords to man-in-the-middle attackers. Update to version 5.7 as soon as possible.
The Riddle vulnerability exists in the Oracle MySQL DBMS. An attacker in a man-in-the-middle position can exploit it to steal usernames and passwords.
"Riddle is a high-risk security vulnerability found in the Oracle MySQL 5.5 and 5.6 client databases. An attacker in a man-in-the-middle position can use the Riddle vulnerability to break the SSL-configured connection between the MySQL client and the server," the vulnerability description reads. "This vulnerability is very dangerous, because it affects MySQL, a very popular SQL database, and the SSL connection, which by the definition of SSL should be safe."
The Riddle vulnerability is tracked as CVE-2017-3305. It allows an attacker to capture the data that MySQL 5.5 and 5.6 clients send to the server, including the username and password.
The security updates in versions 5.5.49 and 5.6.30 did not completely fix the vulnerability. Experts note that MySQL versions later than 5.7, as well as MariaDB, are not affected.
Security researcher Pali Rohár said that the Riddle vulnerability exists because the earlier BACKRONYM vulnerability in MySQL was not fixed. BACKRONYM can be used to leak passwords during a man-in-the-middle attack, even if the traffic is encrypted.
"In the stable versions MySQL 5.5.49 and 5.6.30, the security parameters are verified only after the authentication process has completed," Rohár wrote. "Because this check happens after authentication, Riddle can be used in a man-in-the-middle attack with an SSL downgrade to steal the login data used for authentication and log on to the MySQL server."
"Interestingly, when the MySQL server rejects the user's authentication, the MySQL client does not report any SSL-related error, but instead reports the unencrypted error message sent by the server. That error message is under the control of the man-in-the-middle attacker."
Experts recommend updating the client software to MySQL 5.7 or MariaDB, where the security fix works properly.
PoC
The author provides a PoC script written in Perl. It runs riddle on local port 3307, while the real MySQL server runs on localhost:3306.
Run riddle on the MITM host:
$ perl riddle.pl
Connect the MySQL client to riddle:
$ mysql --ssl-mode=REQUIRED -h 127.0.0.1 -P 3307 -u user -p password
If you provide the correct username and password, riddle connects to the real server, executes an SQL statement and prints:
SELECT COUNT(*) FROM information_schema.TABLES --> 121
Meanwhile, the MySQL client receives an error message sent by riddle:
ERROR 1045 (28000): Access denied: MITM attack
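The downgrade Rohár describes works because the affected clients send their credentials before checking whether the server greeting actually advertised SSL. As an added example (not the author's PoC and not MySQL's own code), the following Python parses a protocol-10 server greeting and refuses to proceed when TLS is required but the CLIENT_SSL capability is missing; both handshake packets are constructed locally, with an assumed connection id and plugin data.

```python
import struct

# MySQL capability flag bits from the client/server protocol documentation.
CLIENT_PROTOCOL_41 = 0x00000200
CLIENT_SSL = 0x00000800
CLIENT_SECURE_CONNECTION = 0x00008000
CLIENT_PLUGIN_AUTH = 0x00080000


def parse_handshake_v10(packet: bytes) -> dict:
    """Parse a protocol-10 server greeting and report whether SSL was advertised."""
    body_len = int.from_bytes(packet[0:3], "little")  # 3-byte length, 1-byte seq
    body = packet[4:4 + body_len]
    if body[0] != 10:
        raise ValueError("not a protocol-10 handshake")
    end = body.index(b"\x00", 1)                       # NUL-terminated version
    version = body[1:end].decode()
    pos = end + 1
    conn_id = struct.unpack_from("<I", body, pos)[0]
    pos += 4 + 8 + 1                                   # conn id, auth data 1, filler
    caps_low = struct.unpack_from("<H", body, pos)[0]
    pos += 2 + 1 + 2                                   # caps low, charset, status
    caps_high = struct.unpack_from("<H", body, pos)[0]
    caps = caps_low | (caps_high << 16)
    return {"version": version, "connection_id": conn_id,
            "capabilities": caps, "ssl_advertised": bool(caps & CLIENT_SSL)}


def build_handshake_v10(version: str, caps: int) -> bytes:
    """Constructed greeting for testing; connection id and plugin data are assumed."""
    body = (bytes([10]) + version.encode() + b"\x00"
            + struct.pack("<I", 42)                    # assumed connection id
            + b"A" * 8 + b"\x00"                       # auth-plugin-data part 1, filler
            + struct.pack("<H", caps & 0xFFFF)         # capability flags (lower)
            + bytes([33])                              # utf8_general_ci
            + struct.pack("<H", 0x0002)                # SERVER_STATUS_AUTOCOMMIT
            + struct.pack("<H", caps >> 16)            # capability flags (upper)
            + bytes([21]) + b"\x00" * 10               # auth data length, reserved
            + b"B" * 13 + b"mysql_native_password\x00")
    return len(body).to_bytes(3, "little") + b"\x00" + body


def safe_to_authenticate(packet: bytes, require_ssl: bool = True) -> bool:
    """The check the vulnerable clients skipped: with SSL required, never send
    credentials when the greeting lacks CLIENT_SSL (a likely downgrade)."""
    return parse_handshake_v10(packet)["ssl_advertised"] or not require_ssl


GOOD_CAPS = CLIENT_PROTOCOL_41 | CLIENT_SSL | CLIENT_SECURE_CONNECTION | CLIENT_PLUGIN_AUTH
genuine = build_handshake_v10("5.6.30-log", GOOD_CAPS)                  # constructed
downgraded = build_handshake_v10("5.6.30-log", GOOD_CAPS & ~CLIENT_SSL)  # constructed
```

A fixed client aborts on the downgraded greeting before any credential leaves the socket, which is what the 5.5.49/5.6.30 ordering failed to do.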
Oracle has been slow to fix the vulnerability
The Riddle vulnerability was discovered in February, but it still affects Oracle's MySQL software.
"If you are not an Oracle customer, it is useless to report vulnerabilities to them (even security-related ones). They can ignore any report. If nobody knows about it, they are very happy, since they do not need to fix the vulnerability," Rohár explained.
Summary
This article has described how to deal with the MySQL Riddle vulnerability, a man-in-the-middle attack that can leak usernames and passwords.