MySQL Root Access Security Bug
Just saw that MySQL and MariaDB have a root authentication bypass issue
A remote attacker can gain the root login to MySQL and MariaDB RDBMS by trying any password 200-500 times
Basically account password protection is as good as nonexistent.Said the security researcher.
Think of all the content that is only protected by MySQL tables around the world. Many very popular releases are vulnerable. Fortunately, Debian, RHEL, CentOS are not, but most other distros including Ubuntu, Arch, Fedora, and OpenSUSE are.
Time to rethink your webhost OS?
It is definitely time to lock down network SQL access to only the specific clients that require it. Of course, patched versions will be available shortly. An out of cycle patch could be a good idea this week.
