CVE-2001-1275 in MySQL
Summary
by MITRE
MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.
Analysis
by VulDB Data Team • 09/27/2025
CVE-2001-1275 is an access-control flaw in MySQL before 3.23.31. The SHOW GRANTS command lets any authenticated user read the encrypted administrator password from the mysql.user table, a weakness in the authorization model of early MySQL versions that opens a path to privilege escalation.
The flaw lies in the SHOW GRANTS implementation: rather than restricting sensitive administrative information to privileged accounts, it returns password hashes from mysql.user to any authenticated user, because the command does not check whether the requester holds sufficient privileges for that data. This is an information disclosure at the database access-control layer and a direct violation of the principle of least privilege. It is classified under CWE-264 (Permissions, Privileges, and Access Controls) and aligns with ATT&CK technique T1078 (Valid Accounts).
Operationally, an attacker who obtains the hash can attempt offline cracking (brute force, dictionary attacks or rainbow table lookups) and, on success, escalate from an ordinary account to administrative privileges, potentially compromising the whole system. The flaw thus undermines the database's security model by disclosing data that should be visible only to administrators or the server itself.
The consequences go beyond the exposed hash. Recovered administrator credentials could be used to modify database contents, create further administrative accounts or disable security controls, and the grant information itself gives an attacker insight into the database's structure and possible further attack vectors. Organizations running affected versions face a real risk of data breaches and unauthorized access to the data they store; the case shows how a seemingly minor flaw in privilege management can lead to a major compromise.
Mitigation starts with upgrading affected installations to MySQL 3.23.31 or later, where the access-control restriction is implemented. Administrators should also audit database configurations so that only accounts that need administrative functions have them, enforce least privilege with regular reviews of user permissions, and add strong password policies, account lockout mechanisms and monitoring of administrative activity to detect exploitation attempts. Keeping patches current and access controls correct remains essential for database systems.
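The monitoring recommended above can be applied to MySQL's general query log. The following is an added example, not VulDB's or MySQL's own code: it resolves each connection id to the account that opened it and flags SHOW GRANTS FOR queries that target another account and come from a connection not on an assumed DBA allow-list. The log lines are constructed in the format of the MySQL 5.7+ general query log.

```python
import re

# Constructed sample of MySQL general-query-log lines (format used by MySQL 5.7
# and later: timestamp, connection id, command, argument). Not from a real server.
SAMPLE_LOG = """\
2025-09-27T10:00:01.000001Z\t   12 Connect\talice@10.0.0.5 on shop using TCP/IP
2025-09-27T10:00:02.000001Z\t   13 Connect\tdba@localhost on  using Socket
2025-09-27T10:00:03.000001Z\t   12 Query\tSELECT * FROM orders LIMIT 10
2025-09-27T10:00:04.000001Z\t   12 Query\tSHOW GRANTS FOR 'root'@'localhost'
2025-09-27T10:00:05.000001Z\t   12 Query\tSHOW GRANTS
2025-09-27T10:00:06.000001Z\t   13 Query\tSHOW GRANTS FOR 'alice'@'10.0.0.5'
2025-09-27T10:00:07.000001Z\t   12 Quit\t
"""

# Accounts allowed to inspect other accounts' grants (assumed DBA list).
ADMIN_ACCOUNTS = {"dba"}

LINE_RE = re.compile(r"^(\S+)\t\s*(\d+) (\w+)\t(.*)$")
CONNECT_RE = re.compile(r"^(\S+?)@(\S+) on")
SHOW_GRANTS_FOR_RE = re.compile(r"^\s*SHOW\s+GRANTS\s+FOR\s+(\S+)", re.IGNORECASE)


def find_grant_probes(log_text, admins=ADMIN_ACCOUNTS):
    """Return (timestamp, requesting_user, target_account) for every
    SHOW GRANTS FOR <other account> issued over a non-admin connection.
    Connection ids are mapped to users from their Connect line."""
    conn_user = {}
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, conn_id, command, arg = m.groups()
        if command == "Connect":
            c = CONNECT_RE.match(arg)
            if c:
                conn_user[conn_id] = c.group(1)
        elif command == "Quit":
            conn_user.pop(conn_id, None)
        elif command == "Query":
            q = SHOW_GRANTS_FOR_RE.match(arg)
            if not q:
                continue  # plain SHOW GRANTS (own account) is normal usage
            user = conn_user.get(conn_id, "<unknown>")
            if user not in admins:
                findings.append((ts, user, q.group(1)))
    return findings
```

Only the query is visible in the log, not its output, so the check is an early indicator of probing rather than proof that a hash was disclosed.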