1 research outputs found
An attack on MySQL's login protocol
The MySQL challenge-and-response authentication protocol is proved insecure.
We show how can an eavesdropper impersonate a valid user after witnessing only
a few executions of this protocol. The algorithm of the underlying attack is
presented. Finally we comment about implementations and statistical results.Comment: 15 pages, 3 figures. CoreLabs Technical Repor