CVE-2002-1374
Description
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
Oracle MySQL (47 CPE entries):
- cpe:2.3:a:oracle:mysql:3.22.26:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.22.27:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.22.28:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.22.29:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.22.30:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.22.32:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.10:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.23:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.24:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.25:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.26:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.27:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.28:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.29:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.30:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.31:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.34:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.36:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.37:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.38:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.39:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.40:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.41:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.42:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.43:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.44:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.45:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.46:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.47:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.48:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.49:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.50:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.51:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.52:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.53:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.53a:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:3.23.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*
Symantec/Veritas NetBackup Advanced Reporter (8 CPE entries):
- cpe:2.3:a:symantec_veritas:netbackup_advanced_reporter:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:symantec_veritas:netbackup_advanced_reporter:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:symantec_veritas:netbackup_advanced_reporter:4.5_fp1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec_veritas:netbackup_advanced_reporter:4.5_fp2:*:*:*:*:*:*:*
- cpe:2.3:a:symantec_veritas:netbackup_advanced_reporter:4.5_fp3:*:*:*:*:*:*:*
- cpe:2.3:a:symantec_veritas:netbackup_advanced_reporter:4.5_mp1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec_veritas:netbackup_advanced_reporter:4.5_mp2:*:*:*:*:*:*:*
- cpe:2.3:a:symantec_veritas:netbackup_advanced_reporter:4.5_mp3:*:*:*:*:*:*:*
Symantec/Veritas NetBackup Global Data Manager (7 CPE entries):
- cpe:2.3:a:symantec_veritas:netbackup_global_data_manager:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:symantec_veritas:netbackup_global_data_manager:4.5_fp1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec_veritas:netbackup_global_data_manager:4.5_fp2:*:*:*:*:*:*:*
- cpe:2.3:a:symantec_veritas:netbackup_global_data_manager:4.5_fp3:*:*:*:*:*:*:*
- cpe:2.3:a:symantec_veritas:netbackup_global_data_manager:4.5_mp1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec_veritas:netbackup_global_data_manager:4.5_mp2:*:*:*:*:*:*:*
- cpe:2.3:a:symantec_veritas:netbackup_global_data_manager:4.5_mp3:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
Root cause
"The COM_CHANGE_USER command in MySQL improperly compares passwords by only checking the first character."
Attack vector
An authenticated database user can exploit this vulnerability by brute-forcing the first character of another user's password. The server's comparison loop for the COM_CHANGE_USER command is bounded by the string the client returns, so a one-character string is accepted as soon as that character matches the first character of the real password. The valid character set for passwords is 32 characters, so at most 32 attempts are needed to guess the first character [ref_id=1].
Affected code
The vulnerability lies in the password authentication path for the COM_CHANGE_USER command in MySQL. The server uses the string returned by the client to drive the comparison loop, so authentication succeeds when only the first character of the password is guessed correctly [ref_id=1].
What the fix does
The advisory does not specify a patch or give details of the fix. The flaw is described as the server using a string returned by the client to drive the comparison in password authentication. A proper fix ensures that the entire password is compared, not just its first character, and that the length of the scramble string supplied by the client cannot shorten the check [ref_id=1].
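The comparison flaw described above and the shape of a proper fix, as an added illustrative model written for this page (not MySQL's source code): `check_vulnerable` lets the client-supplied string bound the loop, while `check_fixed` takes the length from the stored value and compares every byte. The stored value and the one-byte reply are constructed samples.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (constructed model, not MySQL's own code): the
 * comparison loop is bounded by the string the CLIENT sent with
 * COM_CHANGE_USER, so a one-byte reply is accepted as soon as its single
 * byte matches the first byte of the stored value. */
bool check_vulnerable(const char *stored, const char *from_client)
{
    while (*from_client) {            /* client controls the loop bound */
        if (*stored++ != *from_client++)
            return false;
    }
    return true;                      /* reached after 0..n compares */
}

/* Hardened form: the expected length comes from the server-side value,
 * a length mismatch is rejected outright, and every byte is folded into
 * one accumulator so the client's input can neither shorten the check
 * nor learn the position of the first mismatch from an early return. */
bool check_fixed(const char *stored, const char *from_client)
{
    size_t n = strlen(stored);
    if (strlen(from_client) != n)
        return false;
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(stored[i] ^ from_client[i]);
    return diff == 0;
}

int main(void)
{
    /* Constructed sample: an 8-byte stored value and a 1-byte reply that
     * happens to match its first byte. */
    const char *stored = "Q7xK3mN9";
    const char *one_byte = "Q";
    printf("vulnerable check accepts 1-byte reply: %s\n",
           check_vulnerable(stored, one_byte) ? "yes" : "no");   /* yes */
    printf("fixed check accepts 1-byte reply:      %s\n",
           check_fixed(stored, one_byte) ? "yes" : "no");        /* no */
    return 0;
}
```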
Preconditions
- The attacker must be an authenticated database user.
- The target user must have a password set for the brute-force attack to be effective.
Generated on Jun 5, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- www.linuxsecurity.com/advisories/engarde_advisory-2660.html (NVD: Patch, Vendor Advisory)
- www.securityfocus.com/bid/6373 (NVD: Exploit, Patch, Vendor Advisory)
- distro.conectiva.com.br/atualizacoes/ (NVD)
- marc.info (NVD)
- marc.info (NVD)
- marc.info (NVD)
- security.e-matters.de/advisories/042002.html (NVD)
- www.debian.org/security/2002/dsa-212 (NVD)
- www.mandrakesoft.com/security/advisories (NVD)
- www.novell.com/linux/security/advisories/2003_003_mysql.html (NVD)
- www.redhat.com/support/errata/RHSA-2002-288.html (NVD)
- www.redhat.com/support/errata/RHSA-2002-289.html (NVD)
- www.redhat.com/support/errata/RHSA-2003-166.html (NVD)
- www.securityfocus.com/advisories/5269 (NVD)
- www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt (NVD)
- exchange.xforce.ibmcloud.com/vulnerabilities/10847 (NVD)