Vulnerability Name: | CVE-2006-1451 (CCN-26420) | ||||||||
Assigned: | 2006-05-11 | ||||||||
Published: | 2006-05-11 | ||||||||
Updated: | 2017-07-20 | ||||||||
Summary: | MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database. This vulnerability is addressed in the following product release: Apple, Mac OS X, 10.4.6 (2006-003) | ||||||||
CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||
References: | Source: MITRE Type: CNA CVE-2006-1451 Source: CCN Type: Apple Security Update 2006-003 About Security Update 2006-003 Source: APPLE Type: Patch APPLE-SA-2006-05-11 Source: CCN Type: SA20077 Mac OS X Security Update Fixes Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 20077 Source: CCN Type: SECTRACK ID: 1016077 Apple MySQL Manager Database Initialization Bug May Let Local Users Access the Database Source: SECTRACK Type: UNKNOWN 1016077 Source: OSVDB Type: UNKNOWN 25595 Source: CCN Type: OSVDB ID: 25595 Apple Mac OS X MySQL Manager Blank root Password Source: BID Type: UNKNOWN 17951 Source: CCN Type: BID-17951 Apple Mac OS X Security Update 2006-003 Multiple Vulnerabilities Source: CCN Type: US-CERT Technical Cyber Security Alert TA06-132A Apple Mac Products Affected by Multiple Vulnerabilities Source: CERT Type: US Government Resource TA06-132A Source: VUPEN Type: UNKNOWN ADV-2006-1779 Source: XF Type: UNKNOWN macos-mysql-manager-blank-password(26420) Source: XF Type: UNKNOWN macos-mysql-manager-blank-password(26420) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||
BACK |