The pluggable authentication module for mysql (pam_mysql) before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Pam_mysql | Pam_mysql | 0.1 | 0.1 |
Pam_mysql | Pam_mysql | 0.2 | 0.2 |
Pam_mysql | Pam_mysql | 0.3 | 0.3 |
Pam_mysql | Pam_mysql | 0.4 | 0.4 |